diff --git a/.github/knownwords.txt b/.github/knownwords.txt
index cbdf1d3acc..c53e4d80f1 100644
--- a/.github/knownwords.txt
+++ b/.github/knownwords.txt
@@ -1120,7 +1120,6 @@ clientAuthenticationMethod
 clientAuthenticationPolicy
 clientId
 clientSecret
-cloient
 cloudfront
 cnf
 cockroachdb
@@ -1865,6 +1864,7 @@ relicensing
 relyingPartyApplicationId
 relyingPartyURL
 rememberDevice
+rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
 rememberPreviousPasswords
 renderErrors
 replicable
@@ -3057,3 +3057,25 @@ SATAC's
 audiobooks
 monetization
 boto
+ebooks
+sunsetting
+Nuxt
+nuxt
+Vue's
+typedoc
+Vercel
+SSR
+injectable
+observables
+Actix
+vue
+DockerHub
+Forgerock
+Stytch
+premade
+actionee
+MailDev
+unscoped
+scopeHandlingPolicy
+GIS
+
diff --git a/.github/scripts/.gitignore b/.github/scripts/.gitignore
new file mode 100644
index 0000000000..b5f41a18e4
--- /dev/null
+++ b/.github/scripts/.gitignore
@@ -0,0 +1,2 @@
+*.list
+*.sorted
diff --git a/.github/scripts/count-repos.sh b/.github/scripts/count-repos.sh
old mode 100644
new mode 100755
index 469033df2f..2ebe39f0f7
--- a/.github/scripts/count-repos.sh
+++ b/.github/scripts/count-repos.sh
@@ -1,31 +1,157 @@ -#!/bin/sh +#!/usr/bin/env bash -SHOW_DIFF=0 -if [ "$1x" == "-vx" ]; then - SHOW_DIFF=1 -fi +# Ensure the example apps listed at https://fusionauth.io/docs/extend/examples/example-repos +# and the count of repos that should be on that page are the same. -# count the repos we have in our example apps page and the number we have in our organization and make sure they match +# set -o errexit +set -o nounset +set -o pipefail -#fusionauth-containers, fusionauth-theme-helper, etc -EXTRA_IN_JSON_NOT_NAMED_CORRECTLY=4 +MYDIR=$(cd -- "$(dirname "$0")" || exit >/dev/null 2>&1; pwd -P) +export MYDIR +cd "${MYDIR}" || exit -# fusionauth-example-template and (temporarily) fusionauth-example-vue-sdk -EXTRA_IN_GH_NOT_DISPLAYABLE=2 +JSONFILE="../../astro/src/content/json/exampleapps.json" +SUM_JSON=0 # Count of repos from JSONFILE +SUM_GH=0 # Count of repos from gh cli +TOTAL=0 # Difference between SUM_JSON and SUM_GH -cat astro/src/content/json/exampleapps.json|jq '.[]|.url' |sed 's/"//g'|sed 's!https://github.com/!!i' > json.list -COUNT_IN_JSON=`wc -l json.list |sed 's/^ *//' |sed 's/ .*//'` +# Parse args, if any. +DIFF=0 +VERBOSE=0 +while [[ $# -gt 0 ]]; do + case "$1" in + -d|--diff) DIFF=1; shift;; + -v|--verbose) VERBOSE=1; shift;; + *) echo "ERROR: invalid argument"; exit 1;; + esac +done -gh repo list fusionauth --no-archived --visibility public -L 300 |grep fusionauth-example | sed 's/\t.*//g'> ex.list -COUNT_EXAMPLE_REPOS=`wc -l ex.list |sed 's/^ *//' |sed 's/ .*//'` -gh repo list fusionauth --no-archived --visibility public -L 300 |grep fusionauth-quickstart | sed 's/\t.*//g'> qs.list -COUNT_QUICKSTART_REPOS=`wc -l qs.list |sed 's/^ *//' |sed 's/ .*//'` +# Get the repo URLs from JSONFILE and extract the repo names. +# Sort them and output to json.list +function get_json_repos() { + # Repos that will be returned by the `gh` commands below, but are + # intentionally excluded from JSONFILE for... reasons? 
+ local EXCLUDE=( + "fusionauth-example-ruby-on-rails-custom-scopes" + "fusionauth-example-template" + "fusionauth-example-vue-sdk" + "fusionauth-quickstart-kotlin-android-native" + "fusionauth-quickstart-javascript-nuxt-web" + ) -if [ $SHOW_DIFF -eq 1 ]; then - sort json.list > json.sorted - sort ex.list qs.list > gh.sorted - diff json.sorted gh.sorted -fi + jq -r '.[].url' "$JSONFILE" | awk -F'/' '{print $NF}' > json.list -echo "$COUNT_QUICKSTART_REPOS + $COUNT_EXAMPLE_REPOS - $EXTRA_IN_GH_NOT_DISPLAYABLE - $COUNT_IN_JSON + $EXTRA_IN_JSON_NOT_NAMED_CORRECTLY"|bc + # Add the EXCLUDE repos to json.list + for repo in "${EXCLUDE[@]}"; do + echo "$repo" >> json.list + done + sort -o json.list json.list + + # Get the count of repos in json.list + SUM_JSON=$(wc -l < json.list | xargs) + + if [[ "$VERBOSE" -eq 1 ]]; then + echo -e "\nRepos read from exampleapps.json:\n" + cat json.list + echo -e "\nSUM_JSON: $SUM_JSON" + fi +} + + +# Get repos via gh cli +# Sort them and output to gh.list +function get_gh_repos() { + # Repos that don't conform to naming standards. These have to be manually + # added to the list of repos retrieved via the gh cli tool. + local ADD_NAMES=( + "fusionauth-containers" + "fusionauth-contrib" + "fusionauth-import-scripts" + "fusionauth-theme-helper" + ) + + gh repo list fusionauth --no-archived --visibility public -L 300 \ + | grep fusionauth-example | awk '{print $1}' | awk -F'/' '{print $NF}' > gh.list + + # Get all fusionauth-quickstart repos, sort them, and output them to qs.list. 
+ gh repo list fusionauth --no-archived --visibility public -L 300 \ + | grep fusionauth-quickstart | awk '{print $1}' | awk -F'/' '{print $NF}' >> gh.list + + # Add the ADD_NAMES repos to gh.list + for repo in "${ADD_NAMES[@]}"; do + echo "$repo" >> gh.list + done + sort -o gh.list gh.list + + SUM_GH=$(wc -l < gh.list | xargs) + + if [[ "$VERBOSE" -eq 1 ]]; then + echo -e "\ngh cli repos:\n" + cat gh.list + echo -e "\nSUM_GH: $SUM_GH" + fi +} + + +function get_total() { + TOTAL=$(( SUM_JSON - SUM_GH )) + + if [[ "$VERBOSE" -eq 1 ]]; then + echo -e "\nTotals\n" + echo "SUM_JSON: $SUM_JSON" + echo " SUM_GH: - $SUM_GH" + echo " -----" + echo " TOTAL: $TOTAL" + fi +} + + +function show_diff() { + set +xv + echo -e "\nShowing file diff...\n" + output="$(diff -du --color=always json.list gh.list)" + if [[ -n "$output" ]]; then + printf -- "%s\n" "$output" + else + printf -- "Files are identical, no diff to show\n" + fi +} + + +function help() { + echo -e "\nERROR: DIFF is non-zero\n" + cat << EOF +This means that there is a discrepancy between the number of repos +in $(basename "$JSONFILE") and the repo counts being returned by calls +to the GitHub API. Try running the script with the -d flag to show the +file diff. This may indicate which repo(s) are causing the discrepancy. + +If there is a discrepancy, you have three options to resolve it: + + 1. Add it to $JSONFILE + 2. Add it to the EXCLUDE array, if it's intentionally excluded from $JSONFILE + 3. Add it to the ADD_NAMES array, if it's a repo with a non-standard name +EOF +} + + +function main() { + get_json_repos + get_gh_repos + get_total + + # Show a file diff if reqiested. + if [[ "$DIFF" -eq 1 ]]; then show_diff; fi + + # Show help if the check fails. + if [[ "$TOTAL" -ne 0 ]]; then help; fi + + # Use TOTAL as the exit code. This means that if there's a non-zero + # difference in the counts, this will fail. + exit $TOTAL +} + + +main "$@" 
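Review bot: The pass/fail decision in `get_total` and `main` rests only on line counts (`TOTAL=$(( SUM_JSON - SUM_GH ))`, then `exit $TOTAL`), so two lists of equal length that contain different repo names still exit 0. Both files are already sorted by `sort -o`, so the contents can be compared directly, for example `if ! cmp -s json.list gh.list; then help; exit 1; fi`. A fixed status of 1 also avoids using a raw difference as the exit code, which the shell truncates to 8 bits. Separately, `errexit` is commented out and nothing checks the status of the `jq` and `gh` pipelines, so an unauthenticated or rate-limited `gh repo list` shows up only as a count mismatch with the misleading `ERROR: DIFF is non-zero` text. I would check each fetch and print a clear error on failure, and fix the stale `qs.list` comment and the `reqiested` typo while there.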
diff --git a/.github/vale/styles/config/vocabularies/FusionAuth/accept.txt b/.github/vale/styles/config/vocabularies/FusionAuth/accept.txt
new file mode 100644
index 0000000000..b37d60146d
--- /dev/null
+++ b/.github/vale/styles/config/vocabularies/FusionAuth/accept.txt
@@ -0,0 +1,131 @@
+[Aa]utoscaling
+Aiven
+anonymization
+API
+authorizer
+Bachman
+Basecamp
+[Bb]crypt
+Boolean
+boolean
+CAPTCHA
+[Cc]yber
+[Cc]yberattack
+[Cc]ybercriminal
+[Cc]ybersecurity
+Cognito
+CRM
+cron
+crypto
+CSP
+cutover
+CVE
+datacenter
+datastore
+[Dd]ev
+defragmentation
+deprovision
+deserialize
+Dinoch
+Dockerfile
+Equifax
+Erlich
+esport
+failover
+Fastly
+FIDO
+[Ff]intech
+[Ff]usion[Aa]uth
+gameplay
+Guice
+HAProxy
+Hashicorp
+Hathcock
+Hooli
+hostname
+Hubspot
+Id
+Infosec
+initializer
+interoperate
+Inversoft
+ISP
+Istio
+jinja
+Jens
+JMeter
+[Jj][Ww][Tt]
+Kaspersky
+Kerberos
+Keycloak
+keypair
+Laravel
+Linkerd
+Linode
+lossy
+Metasploit
+middleware
+minifier
+namespace
+nginx
+ngrok
+npm
+Nuxt
+OAuth
+Okta
+onboarded
+[Oo]ffboarding
+[Oo]nboarding
+Packagist
+passcode
+pentesting
+performant
+Pinterest
+plaintext
+Postgres
+[Pp]asswordless
+pretexting
+prototype
+pseudocode
+pseudonymization
+pseudonymize
+Psyonix
+Pulumi
+[Qq]uickstart
+reauthenticate
+reauthentication
+repo
+[Rr]eindex
+[Rr]elicensing
+[Rr]oadmap
+Schaefer
+SDK
+SHA
+Shopify
+signup
+SLA
+[Ss]crypt
+SSD
+[Ss]erverless
+[Ss]harding
+Splunk
+Stytch
+Supabase
+Tangany
+themeable
+Twilio
+URI
+virtualized
+VPN
+Vue
+WebAuthn
+webview
+Wordpress
+WUPHF
+[Ww]ebapp
+Xbox
+Xcode
+xkcd
+Yubico
+YubiKey
+Zendesk
diff --git a/.github/vale/styles/write-good/Cliches.yml b/.github/vale/styles/write-good/Cliches.yml
new file mode 100644
index 0000000000..c95314387b
--- /dev/null
+++ b/.github/vale/styles/write-good/Cliches.yml
@@ -0,0 +1,702 @@ +extends: existence +message: "Try to avoid using clichés like '%s'." +ignorecase: true +level: warning +tokens: + - a chip off the old block + - a clean slate + - a dark and stormy night + - a far cry + - a fine kettle of fish + - a loose cannon + - a penny saved is a penny earned + - a tough row to hoe + - a word to the wise + - ace in the hole + - acid test + - add insult to injury + - against all odds + - air your dirty laundry + - all fun and games + - all in a day's work + - all talk, no action + - all thumbs + - all your eggs in one basket + - all's fair in love and war + - all's well that ends well + - almighty dollar + - American as apple pie + - an axe to grind + - another day, another dollar + - armed to the teeth + - as luck would have it + - as old as time + - as the crow flies + - at loose ends + - at my wits end + - avoid like the plague + - babe in the woods + - back against the wall + - back in the saddle + - back to square one + - back to the drawing board + - bad to the bone + - badge of honor + - bald faced liar + - ballpark figure + - banging your head against a brick wall + - baptism by fire + - barking up the wrong tree + - bat out of hell + - be all and end all + - beat a dead horse + - beat around the bush + - been there, done that + - beggars can't be choosers + - behind the eight ball + - bend over backwards + - benefit of the doubt + - bent out of shape + - best thing since sliced bread + - bet your bottom dollar + - better half + - better late than never + - better mousetrap + - better safe than sorry + - between a rock and a hard place + - beyond the pale + - bide your time + - big as life + - big cheese + - big fish in a small pond + - big man on campus + - bigger they are the harder they fall + - bird in the hand + - bird's eye view + - birds and the bees + - birds of a feather flock together + - bit the hand that feeds you + - bite the bullet + - bite the dust + - bitten off more than he can chew + - black as coal 
+ - black as pitch + - black as the ace of spades + - blast from the past + - bleeding heart + - blessing in disguise + - blind ambition + - blind as a bat + - blind leading the blind + - blood is thicker than water + - blood sweat and tears + - blow off steam + - blow your own horn + - blushing bride + - boils down to + - bolt from the blue + - bone to pick + - bored stiff + - bored to tears + - bottomless pit + - boys will be boys + - bright and early + - brings home the bacon + - broad across the beam + - broken record + - brought back to reality + - bull by the horns + - bull in a china shop + - burn the midnight oil + - burning question + - burning the candle at both ends + - burst your bubble + - bury the hatchet + - busy as a bee + - by hook or by crook + - call a spade a spade + - called onto the carpet + - calm before the storm + - can of worms + - can't cut the mustard + - can't hold a candle to + - case of mistaken identity + - cat got your tongue + - cat's meow + - caught in the crossfire + - caught red-handed + - checkered past + - chomping at the bit + - cleanliness is next to godliness + - clear as a bell + - clear as mud + - close to the vest + - cock and bull story + - cold shoulder + - come hell or high water + - cool as a cucumber + - cool, calm, and collected + - cost a king's ransom + - count your blessings + - crack of dawn + - crash course + - creature comforts + - cross that bridge when you come to it + - crushing blow + - cry like a baby + - cry me a river + - cry over spilt milk + - crystal clear + - curiosity killed the cat + - cut and dried + - cut through the red tape + - cut to the chase + - cute as a bugs ear + - cute as a button + - cute as a puppy + - cuts to the quick + - dark before the dawn + - day in, day out + - dead as a doornail + - devil is in the details + - dime a dozen + - divide and conquer + - dog and pony show + - dog days + - dog eat dog + - dog tired + - don't burn your bridges + - don't count your chickens + - don't 
look a gift horse in the mouth + - don't rock the boat + - don't step on anyone's toes + - don't take any wooden nickels + - down and out + - down at the heels + - down in the dumps + - down the hatch + - down to earth + - draw the line + - dressed to kill + - dressed to the nines + - drives me up the wall + - dull as dishwater + - dyed in the wool + - eagle eye + - ear to the ground + - early bird catches the worm + - easier said than done + - easy as pie + - eat your heart out + - eat your words + - eleventh hour + - even the playing field + - every dog has its day + - every fiber of my being + - everything but the kitchen sink + - eye for an eye + - face the music + - facts of life + - fair weather friend + - fall by the wayside + - fan the flames + - feast or famine + - feather your nest + - feathered friends + - few and far between + - fifteen minutes of fame + - filthy vermin + - fine kettle of fish + - fish out of water + - fishing for a compliment + - fit as a fiddle + - fit the bill + - fit to be tied + - flash in the pan + - flat as a pancake + - flip your lid + - flog a dead horse + - fly by night + - fly the coop + - follow your heart + - for all intents and purposes + - for the birds + - for what it's worth + - force of nature + - force to be reckoned with + - forgive and forget + - fox in the henhouse + - free and easy + - free as a bird + - fresh as a daisy + - full steam ahead + - fun in the sun + - garbage in, garbage out + - gentle as a lamb + - get a kick out of + - get a leg up + - get down and dirty + - get the lead out + - get to the bottom of + - get your feet wet + - gets my goat + - gilding the lily + - give and take + - go against the grain + - go at it tooth and nail + - go for broke + - go him one better + - go the extra mile + - go with the flow + - goes without saying + - good as gold + - good deed for the day + - good things come to those who wait + - good time was had by all + - good times were had by all + - greased lightning + - 
greek to me + - green thumb + - green-eyed monster + - grist for the mill + - growing like a weed + - hair of the dog + - hand to mouth + - happy as a clam + - happy as a lark + - hasn't a clue + - have a nice day + - have high hopes + - have the last laugh + - haven't got a row to hoe + - head honcho + - head over heels + - hear a pin drop + - heard it through the grapevine + - heart's content + - heavy as lead + - hem and haw + - high and dry + - high and mighty + - high as a kite + - hit paydirt + - hold your head up high + - hold your horses + - hold your own + - hold your tongue + - honest as the day is long + - horns of a dilemma + - horse of a different color + - hot under the collar + - hour of need + - I beg to differ + - icing on the cake + - if the shoe fits + - if the shoe were on the other foot + - in a jam + - in a jiffy + - in a nutshell + - in a pig's eye + - in a pinch + - in a word + - in hot water + - in the gutter + - in the nick of time + - in the thick of it + - in your dreams + - it ain't over till the fat lady sings + - it goes without saying + - it takes all kinds + - it takes one to know one + - it's a small world + - it's only a matter of time + - ivory tower + - Jack of all trades + - jockey for position + - jog your memory + - joined at the hip + - judge a book by its cover + - jump down your throat + - jump in with both feet + - jump on the bandwagon + - jump the gun + - jump to conclusions + - just a hop, skip, and a jump + - just the ticket + - justice is blind + - keep a stiff upper lip + - keep an eye on + - keep it simple, stupid + - keep the home fires burning + - keep up with the Joneses + - keep your chin up + - keep your fingers crossed + - kick the bucket + - kick up your heels + - kick your feet up + - kid in a candy store + - kill two birds with one stone + - kiss of death + - knock it out of the park + - knock on wood + - knock your socks off + - know him from Adam + - know the ropes + - know the score + - knuckle down + - 
knuckle sandwich + - knuckle under + - labor of love + - ladder of success + - land on your feet + - lap of luxury + - last but not least + - last hurrah + - last-ditch effort + - law of the jungle + - law of the land + - lay down the law + - leaps and bounds + - let sleeping dogs lie + - let the cat out of the bag + - let the good times roll + - let your hair down + - let's talk turkey + - letter perfect + - lick your wounds + - lies like a rug + - life's a bitch + - life's a grind + - light at the end of the tunnel + - lighter than a feather + - lighter than air + - like clockwork + - like father like son + - like taking candy from a baby + - like there's no tomorrow + - lion's share + - live and learn + - live and let live + - long and short of it + - long lost love + - look before you leap + - look down your nose + - look what the cat dragged in + - looking a gift horse in the mouth + - looks like death warmed over + - loose cannon + - lose your head + - lose your temper + - loud as a horn + - lounge lizard + - loved and lost + - low man on the totem pole + - luck of the draw + - luck of the Irish + - make hay while the sun shines + - make money hand over fist + - make my day + - make the best of a bad situation + - make the best of it + - make your blood boil + - man of few words + - man's best friend + - mark my words + - meaningful dialogue + - missed the boat on that one + - moment in the sun + - moment of glory + - moment of truth + - money to burn + - more power to you + - more than one way to skin a cat + - movers and shakers + - moving experience + - naked as a jaybird + - naked truth + - neat as a pin + - needle in a haystack + - needless to say + - neither here nor there + - never look back + - never say never + - nip and tuck + - nip it in the bud + - no guts, no glory + - no love lost + - no pain, no gain + - no skin off my back + - no stone unturned + - no time like the present + - no use crying over spilled milk + - nose to the grindstone + - not 
a hope in hell + - not a minute's peace + - not in my backyard + - not playing with a full deck + - not the end of the world + - not written in stone + - nothing to sneeze at + - nothing ventured nothing gained + - now we're cooking + - off the top of my head + - off the wagon + - off the wall + - old hat + - older and wiser + - older than dirt + - older than Methuselah + - on a roll + - on cloud nine + - on pins and needles + - on the bandwagon + - on the money + - on the nose + - on the rocks + - on the spot + - on the tip of my tongue + - on the wagon + - on thin ice + - once bitten, twice shy + - one bad apple doesn't spoil the bushel + - one born every minute + - one brick short + - one foot in the grave + - one in a million + - one red cent + - only game in town + - open a can of worms + - open and shut case + - open the flood gates + - opportunity doesn't knock twice + - out of pocket + - out of sight, out of mind + - out of the frying pan into the fire + - out of the woods + - out on a limb + - over a barrel + - over the hump + - pain and suffering + - pain in the + - panic button + - par for the course + - part and parcel + - party pooper + - pass the buck + - patience is a virtue + - pay through the nose + - penny pincher + - perfect storm + - pig in a poke + - pile it on + - pillar of the community + - pin your hopes on + - pitter patter of little feet + - plain as day + - plain as the nose on your face + - play by the rules + - play your cards right + - playing the field + - playing with fire + - pleased as punch + - plenty of fish in the sea + - point with pride + - poor as a church mouse + - pot calling the kettle black + - pretty as a picture + - pull a fast one + - pull your punches + - pulling your leg + - pure as the driven snow + - put it in a nutshell + - put one over on you + - put the cart before the horse + - put the pedal to the metal + - put your best foot forward + - put your foot down + - quick as a bunny + - quick as a lick + - quick as 
a wink + - quick as lightning + - quiet as a dormouse + - rags to riches + - raining buckets + - raining cats and dogs + - rank and file + - rat race + - reap what you sow + - red as a beet + - red herring + - reinvent the wheel + - rich and famous + - rings a bell + - ripe old age + - ripped me off + - rise and shine + - road to hell is paved with good intentions + - rob Peter to pay Paul + - roll over in the grave + - rub the wrong way + - ruled the roost + - running in circles + - sad but true + - sadder but wiser + - salt of the earth + - scared stiff + - scared to death + - sealed with a kiss + - second to none + - see eye to eye + - seen the light + - seize the day + - set the record straight + - set the world on fire + - set your teeth on edge + - sharp as a tack + - shoot for the moon + - shoot the breeze + - shot in the dark + - shoulder to the wheel + - sick as a dog + - sigh of relief + - signed, sealed, and delivered + - sink or swim + - six of one, half a dozen of another + - skating on thin ice + - slept like a log + - slinging mud + - slippery as an eel + - slow as molasses + - smart as a whip + - smooth as a baby's bottom + - sneaking suspicion + - snug as a bug in a rug + - sow wild oats + - spare the rod, spoil the child + - speak of the devil + - spilled the beans + - spinning your wheels + - spitting image of + - spoke with relish + - spread like wildfire + - spring to life + - squeaky wheel gets the grease + - stands out like a sore thumb + - start from scratch + - stick in the mud + - still waters run deep + - stitch in time + - stop and smell the roses + - straight as an arrow + - straw that broke the camel's back + - strong as an ox + - stubborn as a mule + - stuff that dreams are made of + - stuffed shirt + - sweating blood + - sweating bullets + - take a load off + - take one for the team + - take the bait + - take the bull by the horns + - take the plunge + - takes one to know one + - takes two to tango + - the more the merrier + - the 
real deal + - the real McCoy + - the red carpet treatment + - the same old story + - there is no accounting for taste + - thick as a brick + - thick as thieves + - thin as a rail + - think outside of the box + - third time's the charm + - this day and age + - this hurts me worse than it hurts you + - this point in time + - three sheets to the wind + - through thick and thin + - throw in the towel + - tie one on + - tighter than a drum + - time and time again + - time is of the essence + - tip of the iceberg + - tired but happy + - to coin a phrase + - to each his own + - to make a long story short + - to the best of my knowledge + - toe the line + - tongue in cheek + - too good to be true + - too hot to handle + - too numerous to mention + - touch with a ten foot pole + - tough as nails + - trial and error + - trials and tribulations + - tried and true + - trip down memory lane + - twist of fate + - two cents worth + - two peas in a pod + - ugly as sin + - under the counter + - under the gun + - under the same roof + - under the weather + - until the cows come home + - unvarnished truth + - up the creek + - uphill battle + - upper crust + - upset the applecart + - vain attempt + - vain effort + - vanquish the enemy + - vested interest + - waiting for the other shoe to drop + - wakeup call + - warm welcome + - watch your p's and q's + - watch your tongue + - watching the clock + - water under the bridge + - weather the storm + - weed them out + - week of Sundays + - went belly up + - wet behind the ears + - what goes around comes around + - what you see is what you get + - when it rains, it pours + - when push comes to shove + - when the cat's away + - when the going gets tough, the tough get going + - white as a sheet + - whole ball of wax + - whole hog + - whole nine yards + - wild goose chase + - will wonders never cease? 
+ - wisdom of the ages + - wise as an owl + - wolf at the door + - words fail me + - work like a dog + - world weary + - worst nightmare + - worth its weight in gold + - wrong side of the bed + - yanking your chain + - yappy as a dog + - years young + - you are what you eat + - you can run but you can't hide + - you only live once + - you're the boss + - young and foolish + - young and vibrant diff --git a/.github/vale/styles/write-good/E-Prime.yml b/.github/vale/styles/write-good/E-Prime.yml new file mode 100644 index 0000000000..fdc47a0a52 --- /dev/null +++ b/.github/vale/styles/write-good/E-Prime.yml @@ -0,0 +1,31 @@ +extends: existence +message: "Try to avoid using '%s'." +ignorecase: true +level: suggestion +tokens: + - am + - are + - aren't + - be + - been + - being + - he's + - here's + - here's + - how's + - i'm + - is + - isn't + - she's + - that's + - there's + - they're + - was + - wasn't + - we're + - were + - weren't + - what's + - where's + - who's + - you're diff --git a/.github/vale/styles/write-good/Illusions.yml b/.github/vale/styles/write-good/Illusions.yml new file mode 100644 index 0000000000..b4f1321859 --- /dev/null +++ b/.github/vale/styles/write-good/Illusions.yml @@ -0,0 +1,11 @@ +extends: repetition +message: "'%s' is repeated!" +level: warning +alpha: true +action: + name: edit + params: + - truncate + - " " +tokens: + - '[^\s]+' diff --git a/.github/vale/styles/write-good/Passive.yml b/.github/vale/styles/write-good/Passive.yml new file mode 100644 index 0000000000..f472cb9049 --- /dev/null +++ b/.github/vale/styles/write-good/Passive.yml 
@@ -0,0 +1,183 @@ +extends: existence +message: "'%s' may be passive voice. Use active voice if you can." +ignorecase: true +level: warning +raw: + - \b(am|are|were|being|is|been|was|be)\b\s* +tokens: + - '[\w]+ed' + - awoken + - beat + - become + - been + - begun + - bent + - beset + - bet + - bid + - bidden + - bitten + - bled + - blown + - born + - bought + - bound + - bred + - broadcast + - broken + - brought + - built + - burnt + - burst + - cast + - caught + - chosen + - clung + - come + - cost + - crept + - cut + - dealt + - dived + - done + - drawn + - dreamt + - driven + - drunk + - dug + - eaten + - fallen + - fed + - felt + - fit + - fled + - flown + - flung + - forbidden + - foregone + - forgiven + - forgotten + - forsaken + - fought + - found + - frozen + - given + - gone + - gotten + - ground + - grown + - heard + - held + - hidden + - hit + - hung + - hurt + - kept + - knelt + - knit + - known + - laid + - lain + - leapt + - learnt + - led + - left + - lent + - let + - lighted + - lost + - made + - meant + - met + - misspelt + - mistaken + - mown + - overcome + - overdone + - overtaken + - overthrown + - paid + - pled + - proven + - put + - quit + - read + - rid + - ridden + - risen + - run + - rung + - said + - sat + - sawn + - seen + - sent + - set + - sewn + - shaken + - shaven + - shed + - shod + - shone + - shorn + - shot + - shown + - shrunk + - shut + - slain + - slept + - slid + - slit + - slung + - smitten + - sold + - sought + - sown + - sped + - spent + - spilt + - spit + - split + - spoken + - spread + - sprung + - spun + - stolen + - stood + - stridden + - striven + - struck + - strung + - stuck + - stung + - stunk + - sung + - sunk + - swept + - swollen + - sworn + - swum + - swung + - taken + - taught + - thought + - thrived + - thrown + - thrust + - told + - torn + - trodden + - understood + - upheld + - upset + - wed + - wept + - withheld + - withstood + - woken + - won + - worn + - wound + - woven + - written + - wrung 
diff --git a/.github/vale/styles/write-good/README.md b/.github/vale/styles/write-good/README.md
new file mode 100644
index 0000000000..3edcc9b376
--- /dev/null
+++ b/.github/vale/styles/write-good/README.md
@@ -0,0 +1,27 @@
+Based on [write-good](https://github.com/btford/write-good).
+
+> Naive linter for English prose for developers who can't write good and wanna learn to do other stuff good too.
+
+```
+The MIT License (MIT)
+
+Copyright (c) 2014 Brian Ford
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+```
diff --git a/.github/vale/styles/write-good/TooWordy.yml b/.github/vale/styles/write-good/TooWordy.yml
new file mode 100644
index 0000000000..275701b196
--- /dev/null
+++ b/.github/vale/styles/write-good/TooWordy.yml
@@ -0,0 +1,221 @@ +extends: existence +message: "'%s' is too wordy." +ignorecase: true +level: warning +tokens: + - a number of + - abundance + - accede to + - accelerate + - accentuate + - accompany + - accomplish + - accorded + - accrue + - acquiesce + - acquire + - additional + - adjacent to + - adjustment + - admissible + - advantageous + - adversely impact + - advise + - aforementioned + - aggregate + - aircraft + - all of + - all things considered + - alleviate + - allocate + - along the lines of + - already existing + - alternatively + - amazing + - ameliorate + - anticipate + - apparent + - appreciable + - as a matter of fact + - as a means of + - as far as I'm concerned + - as of yet + - as to + - as yet + - ascertain + - assistance + - at the present time + - at this time + - attain + - attributable to + - authorize + - because of the fact that + - belated + - benefit from + - bestow + - by means of + - by virtue of + - by virtue of the fact that + - cease + - close proximity + - commence + - comply with + - concerning + - consequently + - consolidate + - constitutes + - demonstrate + - depart + - designate + - discontinue + - due to the fact that + - each and every + - economical + - eliminate + - elucidate + - employ + - endeavor + - enumerate + - equitable + - equivalent + - evaluate + - evidenced + - exclusively + - expedite + - expend + - expiration + - facilitate + - factual evidence + - feasible + - finalize + - first and foremost + - for all intents and purposes + - for the most part + - for the purpose of + - forfeit + - formulate + - have a tendency to + - honest truth + - however + - if and when + - impacted + - implement + - in a manner of speaking + - in a timely manner + - in a very real sense + - in accordance with + - in addition + - in all likelihood + - in an effort to + - in between + - in excess of + - in lieu of + - in light of the fact that + - in many cases + - in my opinion + - in order to + - in regard to + - in some instances + - 
in terms of + - in the case of + - in the event that + - in the final analysis + - in the nature of + - in the near future + - in the process of + - inception + - incumbent upon + - indicate + - indication + - initiate + - irregardless + - is applicable to + - is authorized to + - is responsible for + - it is + - it is essential + - it seems that + - it was + - magnitude + - maximum + - methodology + - minimize + - minimum + - modify + - monitor + - multiple + - necessitate + - nevertheless + - not certain + - not many + - not often + - not unless + - not unlike + - notwithstanding + - null and void + - numerous + - objective + - obligate + - obtain + - on the contrary + - on the other hand + - one particular + - optimum + - overall + - owing to the fact that + - participate + - particulars + - pass away + - pertaining to + - point in time + - portion + - possess + - preclude + - previously + - prior to + - prioritize + - procure + - proficiency + - provided that + - purchase + - put simply + - readily apparent + - refer back + - regarding + - relocate + - remainder + - remuneration + - requirement + - reside + - residence + - retain + - satisfy + - shall + - should you wish + - similar to + - solicit + - span across + - strategize + - subsequent + - substantial + - successfully complete + - sufficient + - terminate + - the month of + - the point I am trying to make + - therefore + - time period + - took advantage of + - transmit + - transpire + - type of + - until such time as + - utilization + - utilize + - validate + - various different + - what I mean to say is + - whether or not + - with respect to + - with the exception of + - witnessed diff --git a/.github/vale/styles/write-good/Weasel.yml b/.github/vale/styles/write-good/Weasel.yml new file mode 100644 index 0000000000..e29391444b --- /dev/null +++ b/.github/vale/styles/write-good/Weasel.yml 
@@ -0,0 +1,207 @@ +extends: existence +message: "'%s' is a weasel word!" +ignorecase: true +level: warning +tokens: + - absolutely + - accidentally + - additionally + - allegedly + - alternatively + - angrily + - anxiously + - approximately + - awkwardly + - badly + - barely + - beautifully + - blindly + - boldly + - bravely + - brightly + - briskly + - bristly + - bubbly + - busily + - calmly + - carefully + - carelessly + - cautiously + - cheerfully + - clearly + - closely + - coldly + - completely + - consequently + - correctly + - courageously + - crinkly + - cruelly + - crumbly + - cuddly + - currently + - daily + - daringly + - deadly + - definitely + - deliberately + - doubtfully + - dumbly + - eagerly + - early + - easily + - elegantly + - enormously + - enthusiastically + - equally + - especially + - eventually + - exactly + - exceedingly + - exclusively + - extremely + - fairly + - faithfully + - fatally + - fiercely + - finally + - fondly + - few + - foolishly + - fortunately + - frankly + - frantically + - generously + - gently + - giggly + - gladly + - gracefully + - greedily + - happily + - hardly + - hastily + - healthily + - heartily + - helpfully + - honestly + - hourly + - hungrily + - hurriedly + - immediately + - impatiently + - inadequately + - ingeniously + - innocently + - inquisitively + - interestingly + - irritably + - jiggly + - joyously + - justly + - kindly + - largely + - lately + - lazily + - likely + - literally + - lonely + - loosely + - loudly + - loudly + - luckily + - madly + - many + - mentally + - mildly + - monthly + - mortally + - mostly + - mysteriously + - neatly + - nervously + - nightly + - noisily + - normally + - obediently + - occasionally + - only + - openly + - painfully + - particularly + - patiently + - perfectly + - politely + - poorly + - powerfully + - presumably + - previously + - promptly + - punctually + - quarterly + - quickly + - quietly + - rapidly + - rarely + - really + - recently + - recklessly + - 
regularly + - remarkably + - relatively + - reluctantly + - repeatedly + - rightfully + - roughly + - rudely + - sadly + - safely + - selfishly + - sensibly + - seriously + - sharply + - shortly + - shyly + - significantly + - silently + - simply + - sleepily + - slowly + - smartly + - smelly + - smoothly + - softly + - solemnly + - sparkly + - speedily + - stealthily + - sternly + - stupidly + - substantially + - successfully + - suddenly + - surprisingly + - suspiciously + - swiftly + - tenderly + - tensely + - thoughtfully + - tightly + - timely + - truthfully + - unexpectedly + - unfortunately + - usually + - very + - victoriously + - violently + - vivaciously + - warmly + - waverly + - weakly + - wearily + - weekly + - wildly + - wisely + - worldly + - wrinkly + - yearly diff --git a/.github/vale/styles/write-good/meta.json b/.github/vale/styles/write-good/meta.json new file mode 100644 index 0000000000..a115d2886a --- /dev/null +++ b/.github/vale/styles/write-good/meta.json @@ -0,0 +1,4 @@ +{ + "feed": "https://github.com/errata-ai/write-good/releases.atom", + "vale_version": ">=1.0.0" +} diff --git a/.github/workflows/apicheck.yml b/.github/workflows/apicheck.yml index 5175673e87..c8a4c6abc1 100644 --- a/.github/workflows/apicheck.yml +++ b/.github/workflows/apicheck.yml @@ -20,7 +20,7 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: ruby/setup-ruby@v1 with: bundler-cache: true # runs 'bundle install' and caches installed gems automatically diff --git a/.github/workflows/contentcheck.yml b/.github/workflows/contentcheck.yml index f90022e109..ed47d6e42a 100644 --- a/.github/workflows/contentcheck.yml +++ b/.github/workflows/contentcheck.yml 
@@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest # Steps represent a sequence of tasks that will be executed as part of the job steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Check for blog posts that have incorrect categories run: | find astro/src/content/blog/ -type f -name "*.md*" |grep -v swp | xargs grep '^categories:'|sed 's/.*categories: //'|sed 's/, /\n/g'|sort -u > out @@ -33,12 +33,17 @@ jobs: shell: bash - name: Check for absolute URLs referencing FusionAuth.io from file. Keep this next to 'Grep for absolute URLs referencing FusionAuth.io' run: | + cat absolute.out exit `cat absolute.out | wc -l | sed 's/[ ]*//g'` shell: bash - name: Check for old asciidoc styling syntax run: | exit `find astro/src/content/docs/ -type f | xargs grep ']#'| wc -l |sed 's/[ ]*//g'` shell: bash + - name: Check for old asciidoc code import + run: | + exit `find astro/src/content/docs/ -type f | xargs grep '++++'| wc -l |sed 's/[ ]*//g'` + shell: bash - name: Check for old doc nav url references run: | exit `find astro/src/content/ -type f | xargs grep 'docs/v1/tech'| wc -l |sed 's/[ ]*//g'` @@ -58,7 +63,13 @@ jobs: - name: check for APIFields with no name run: | echo `grep -R \> ${GITHUB_ENV} + echo "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}" >> ${GITHUB_ENV} echo "AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> ${GITHUB_ENV} shell: bash @@ -36,6 +36,5 @@ jobs: - name: Invalidate cache run: | CLOUDFRONT_DISTRIBUTION_ID=$(grep cloudfront_distribution_id s3_website.yml|awk -F: '{print $2}' |sed 's/ //g') - aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_DISTRIBUTION_ID --paths "/*" + aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_DISTRIBUTION_ID --paths "/*" shell: bash - diff --git a/.github/workflows/jsoncheck.yml b/.github/workflows/jsoncheck.yml index 17e73f5a15..94e3491dbd 100644 --- a/.github/workflows/jsoncheck.yml +++ b/.github/workflows/jsoncheck.yml 
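Review bot: The added step `Check for old asciidoc code import` in the `@@ -33,12 +33,17 @@` hunk passes the match count to `exit`, and an exit status is reduced modulo 256, so a run with exactly 256 matching lines reports success. It also prints nothing about which files matched, which is the gap this same hunk closes for the absolute-URL check by adding `cat absolute.out`. Letting grep decide the result avoids both problems: `if grep -rn '++++' astro/src/content/docs/; then exit 1; fi`. The neighbouring `]#` and `docs/v1/tech` steps use the same counting pattern and would benefit from the same change.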
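Review bot: The line `echo "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}" >> ${GITHUB_ENV}` and the `AWS_SECRET_ACCESS_KEY` line after it write both AWS secrets into `GITHUB_ENV`, which hands them to every later step in the job, including any third-party action, rather than only to the steps that call `aws`. The file header and the start of this hunk are not legible on the page, so what exactly changed on the line is unclear, but the pattern remains on the new side. Scoping the values with a step-level `env:` block on the steps that need them (`AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}` and `AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}`) narrows the exposure. It also stops the secret text from being interpolated into the shell script before bash parses it.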
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-latest
 # Steps represent a sequence of tasks that will be executed as part of the job
 steps:
- uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - name: Check for broken json files
 run: |
 busted_files=""
diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml
index 619a9d7f31..b1be7c3614 100644
--- a/.github/workflows/linkcheck.yml
+++ b/.github/workflows/linkcheck.yml
@@ -16,7 +16,7 @@ jobs:
 # Steps represent a sequence of tasks that will be executed as part of the job
 steps:
 # linkcheck
- uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - uses: filiph/linkcheck@3.0.0
 with:
 arguments: https://fusionauth.io/ --skip-file .github/linkcheck-skip.txt --connection-failures-as-warnings
diff --git a/.github/workflows/prod-astro.yml b/.github/workflows/prod-astro.yml
index 0fd46c1a9d..ca848a0eb2 100644
--- a/.github/workflows/prod-astro.yml
+++ b/.github/workflows/prod-astro.yml
@@ -9,7 +9,8 @@ env:
 on:
 # Runs on pushes targeting the default branch
 push:
- branches: ["master"]
+ branches:
+ - main
 paths:
 - 'astro/**'
 - '.github/workflows/prod-astro.yml'
diff --git a/.github/workflows/publish-redirect-rules.yaml b/.github/workflows/publish-redirect-rules.yaml
index f33e91957f..39882ae991 100644
--- a/.github/workflows/publish-redirect-rules.yaml
+++ b/.github/workflows/publish-redirect-rules.yaml
@@ -7,12 +7,12 @@ env:
 on:
 push:
 branches:
- - master
+ - main
 paths:
 - 'src/redirects.json'
 pull_request:
 branches:
- - master
+ - main
 paths:
 - 'src/redirects.json'
 workflow_dispatch:
diff --git a/.github/workflows/shrink-images.yml b/.github/workflows/shrink-images.yml
index 84af244c9a..38a61a1c2d 100644
--- a/.github/workflows/shrink-images.yml
+++ b/.github/workflows/shrink-images.yml
@@ -3,7 +3,7 @@ name: Shrink images
 on:
 push:
 branches-ignore:
- - master
+ - main
 paths:
 - 'astro/public/**'
@@ -14,11 +14,11 @@ jobs:
 GH_TOKEN: ${{ github.token }}
 TINYPNG_API_KEY: "${{ secrets.TINYPNG_API_KEY }}"
 steps:
- uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - name: Shrink images using tinypng
 run: |
 bash ./src/new-images-shrink.sh
 shell: bash
- uses: stefanzweifel/git-auto-commit-action@v4
+ - uses: stefanzweifel/git-auto-commit-action@v5
 with:
 commit_message: Shrink images
diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml
index 9f6d121424..c9eed43564 100644
--- a/.github/workflows/spellcheck.yml
+++ b/.github/workflows/spellcheck.yml
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-latest
 # Steps represent a sequence of tasks that will be executed as part of the job
 steps:
- uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - name: Install astro modules
 run: cd astro && npm ci
 # commenting these out because for now we aren't using compress to compress images. When we go back to that, we'll need to uncomment these
diff --git a/.github/workflows/updatesitemap.yml b/.github/workflows/updatesitemap.yml
index b5fc80e03d..bd688856cc 100644
--- a/.github/workflows/updatesitemap.yml
+++ b/.github/workflows/updatesitemap.yml
@@ -16,8 +16,8 @@ jobs:
 runs-on: ubuntu-latest
 # Steps represent a sequence of tasks that will be executed as part of the job
 steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
 with:
 node-version: 20
 cache: 'npm'
diff --git a/.github/workflows/vale.yml b/.github/workflows/vale.yml
new file mode 100644
index 0000000000..e8bdef6667
--- /dev/null
+++ b/.github/workflows/vale.yml
@@ -0,0 +1,13 @@
+name: reviewdog
+on: [pull_request]
+
+jobs:
+ vale:
+ name: runner / vale
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: errata-ai/vale-action@reviewdog
+ with:
+ files: '["astro/src/content"]'
+ fail_on_error: false
diff --git a/.vale.ini b/.vale.ini
new file mode 100644
index 0000000000..13be19eb30
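Review bot: `errata-ai/vale-action@reviewdog` in the new vale.yml references a branch name, which is a mutable ref, so whatever that branch points to at run time executes in this repository's pull-request workflow. Pinning it to a full commit SHA, `- uses: errata-ai/vale-action@<full-commit-sha>  # reviewdog`, makes the run reproducible and forces a reviewed change to pick up new action code. The same applies to `stefanzweifel/git-auto-commit-action@v5` in the shrink-images.yml hunk, where a movable tag is used for an action that pushes commits. The new workflow also has no `permissions:` block, so the job runs with the repository's default token scope; an explicit minimal block would be safer (which write scopes the annotation step needs should be confirmed against the action's documentation).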
--- /dev/null +++ b/.vale.ini @@ -0,0 +1,24 @@ +StylesPath = .github/vale/styles + +Vocab = FusionAuth +MinAlertLevel = error + +[formats] +mdx = md +astro = md + +[*.md] +BasedOnStyles = Vale, write-good +BlockIgnores = ]+)?/> +TokenIgnores = (?m)^import .+ from [^\n]+$, \ +(?m)^export const .+, \ +]+)?>, \ +, \ +[^<]+<\/InlineField>, \ +[^<]+<\/InlineUIElement>, \ +]+)?/>, \ +]+)?/>, \ +]+)?/>, \ +]+)?/>, \ +]+)?>[^<]+<\/APIField>, \ +]+)?>[^<]+<\/APIURI> diff --git a/DocsDevREADME.md b/DocsDevREADME.md index 5ef3beb8b7..3144a4ce58 100644 --- a/DocsDevREADME.md +++ b/DocsDevREADME.md @@ -19,6 +19,7 @@ Here are some guidelines to follow when writing documentation (everything under - Use `admin UI` instead of `Admin UI` when writing about the admin user interface. - Use `logged in` instead of `logged-in` - `log in` is the verb, `login` is the noun +- Use `UserInfo` instead of `Userinfo` - Don't abbreviate FusionAuth, use the full name. - References to `http://127.0.0.1` should be updated to `http://localhost`. Remove hyperlinks to `localhost`. - Always provide an alt text for images. It should always be a full sentence describing the content of the image. 
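Review bot: `MinAlertLevel = error` in the new `.vale.ini` filters out everything below error, while the two write-good rules added in this commit that are visible on this page (TooWordy and Weasel) are both `level: warning`, so as configured they would never be reported. If the write-good checks are meant to surface on pull requests, `MinAlertLevel = warning` is needed, or selected rules have to be raised to error. If the suppression is deliberate, a comment in the file such as `# write-good rules are warnings and stay silent at this alert level` would save the next reader the puzzle. The `TokenIgnores` patterns are not legible on this page, so they are not reviewed here.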
@@ -33,20 +34,21 @@ Here are some guidelines to follow when writing documentation (everything under - Use the oxford comma. Apples, bananas, and oranges are my favorite fruits. - Single spaces should be used instead of double spaces after a period. - Headers should have the first letter of every word capitalized: `This Is The Header Text`. This is true for all headers (h1, h2, h3, h4). This is also known as [Start Case](https://en.wikipedia.org/wiki/Letter_case). -- When writing, you have access to Asides. Here's an [example blog post using an Aside](https://github.com/FusionAuth/fusionauth-site/blob/master/astro/src/content/blog/log4j-fusionauth.mdx). You can assign the following values to the type: `tip` for tips. `note` for things for the user to be aware of. `important` for things the user should pay attention to. `warn` for dangerous actions like deleting a tenant. +- When writing, you have access to Asides. Here's an [example blog post using an Aside](https://github.com/FusionAuth/fusionauth-site/blob/main/astro/src/content/blog/log4j-fusionauth.mdx). You can assign the following values to the type: `tip` for tips. `note` for things for the user to be aware of. `important` for things the user should pay attention to. `warn` for dangerous actions like deleting a tenant. - For links, don't use the absolute URL for the FusionAuth website (https://fusionauth.io), only relative URLs. This allows us to deploy to our local and staging environments and not get sent over to prod. ## Docs - Don't use complex breadcrumbs styling in docs. Use `->`. Use the [Breadcrumb](astro/src/components/Breadcrumb.astro) component. Breadcrumbs should look like this `foo -> bar -> baz`. - If you are referencing a field in a form or JSON API doc, use the [InlineField](astro/src/components/InlineField.astro) component: `Issuer`. - If you are referencing a UI element or button, use the [InlineUIElement](astro/src/components/InlineUIElement.astro) component: `Click the Ok button`. 
+- If you are referencing a tab in the UI, use the [Breadcrumb](astro/src/components/Breadcrumb.astro) component: `On the OAuth tab`. - When you have a list of values, use this phrase to prefix it: "The possible values are:" - When using images that are cropped, add `top-cropped` and/or `bottom-cropped` roles as appropriate. Use `box-shadow` only when an image isn't captured in the manner documented below. It's used only when we have screenshots of things that do not have a box shadow and are all white and blend in too much with our white background. No other image classes are needed when creating documentation. - Include fragments that are shared between different sections of the doc should be stored in the [shared](astro/src/content/docs/_shared) directory. - All links elements should be fully-qualified and never include a slash at the end (i.e. `[users](/docs/apis/users)` not `[users](./users)`) - If something is new in a version, mark it with something like this: - -It is possible, though rare, for an Elasticsearch index to become out of sync with the database. If you stand up FusionAuth with a database dump and restore, you may need to run this operation. You may also be instructed to do so by FusionAuth support. +It is possible, though rare, for an Elasticsearch index to become out of sync with the database. If you stand up FusionAuth with a database dump and restore or import users using the [User Import API](/docs/apis/users#import-users), you may need to run this operation. You may also be instructed to do so by FusionAuth support. In general, even if a temporary outage occurs with Elasticsearch, the index will be sync up automatically. diff --git a/astro/src/content/docs/_shared/_release-notification.mdx b/astro/src/content/docs/_shared/_release-notification.mdx index ab4f8fa63c..d9e0d9d951 100644 --- a/astro/src/content/docs/_shared/_release-notification.mdx +++ b/astro/src/content/docs/_shared/_release-notification.mdx 
@@ -2,8 +2,7 @@ There are a number of ways to be notified of new releases. * The [release notes](/docs/release-notes) are updated when there is a new release or shortly thereafter. * There is an [RSS feed of releases](/docs/releases.xml) to which you can subscribe. -* The [blog has release announcement posts](/blog), and you can subscribe to an [RSS feed](/blog/feed.xml) for that as well. -* The [forum has release announcement posts](/community/forum/category/5/release). +* The [blog has release announcement posts](/blog/tag/release-notes/) and you can subscribe to an [RSS feed](/blog/feed.xml). * You can subscribe to our release announcement email list using the form below.
diff --git a/astro/src/content/docs/_shared/_setup-wizard.mdx b/astro/src/content/docs/_shared/_setup-wizard.mdx index 7316c12a71..2bf231041b 100644 --- a/astro/src/content/docs/_shared/_setup-wizard.mdx +++ b/astro/src/content/docs/_shared/_setup-wizard.mdx @@ -1,10 +1,10 @@ ## Setup Wizard -This tutorial guides you through completing the initial FusionAuth configuration necessary prior to making API calls and beginning your integration. +This tutorial guides you through completing the initial FusionAuth configuration necessary prior to integrating an application and making API calls. ### Access FusionAuth App -The first step is to access FusionAuth in your web browser. If you have installed FusionAuth on your own system, you will need to know the IP address or hostname of the system where it has been installed. For example, to access FusionAuth on localhost, you would use the following URL `http://localhost:9011`. +You will need to access FusionAuth in your web browser. If you have installed FusionAuth on your own system, you will need to know the IP address or hostname of the system where it has been installed. For example, to access FusionAuth on localhost, you would use the following URL `http://localhost:9011`. Once you have a web browser open to FusionAuth you will be presented with a setup wizard that will walk you through getting FusionAuth configured and ready to begin calling the API and managing users. If you instead are being prompted by the FusionAuth Maintenance Mode, please complete that setup first and then return to this step. See the Maintenance Mode section in the [FusionAuth App Installation Guide](/docs/get-started/download-and-install/fusionauth-app). 
@@ -14,34 +14,59 @@ Once the setup wizard is complete you will be logged into FusionAuth using the c Setup Wizard -#### Administrator account +#### Admin user This will be the first account to be created in FusionAuth and this user will be assigned the `admin` role the FusionAuth application. Additional users can be assigned the `admin` role at a later time. -#### FusionAuth license +#### License agreement and communications + To complete the setup wizard you must toggle the Accept button after reading the FusionAuth license agreement. You won't find any surprise strings attached here, just the normal lawyer speak for CYA. -#### Stay informed -Optionally stay informed by opting-in to receive FusionAuth technical announcements, tutorials and other technical focused emails. You may opt-out at any time in the future, or opt-in at a later date by visiting fusionauth.io and finding the "Subscribe for updates" form at the bottom of the page. +Optionally stay informed by opting-in to receive FusionAuth technical announcements, tutorials and other technical focused emails. You may opt-out at any time in the future, or opt-in at a later date by visiting [fusionauth.io](/) and finding the "Subscribe for updates" form at the bottom of the page. + +Your feedback on how you learned about us helps us better serve our customers. -## Complete Setup +## Complete First Time Setup -Once the Setup Wizard has logged you into FusionAuth you may begin using FusionAuth. On the dashboard you will see the remaining setup items. -This includes setting up an API key, creating an Application and completing the SMTP Email configuration. +Once the Setup Wizard has logged you into FusionAuth you may begin using the application. On the dashboard you will see a panel for new users. +Clicking `Setup` will guide you through creating an Application, adding an API key, configuring the email server, and optionally activating your license. 
-Complete Setup +First Time Setup Panel -### Missing Application +### Create an application FusionAuth can be configured with one to many Applications. A FusionAuth Application represents a secured resource, it should be thoughtfully -named but the name may be modified at a later time. See the [Application overview](/docs/get-started/core-concepts/applications) for additional details. +named but the name may be modified at a later time. + +The Authorized redirect URL should match where your users will be redirected after logging in with FusionAuth. + +See the [Application overview](/docs/get-started/core-concepts/applications) for additional details. + +First Time Setup Application + +### Create an API key -### Missing API Key In order to call the API at least one API key will need to be added. Additional API keys can be added at a later time by any user with the `admin` or `api_key_manager` roles. See [API Authentication](/docs/apis/authentication) for additional details. It is recommended that you create an API key and store it somewhere safe such as a secrets manager. If you forget your password, misconfigure an Identity Provider, or otherwise render your FusionAuth administrative user interface inaccessible, you can use the API key to modify your configuration. -### Email Settings -This step is optional but it is recommended. Until FusionAuth has been configured with a valid SMTP configuration FusionAuth will be unable to send +First Time Setup API key + +### Configure email server +This step is optional but it is recommended. Until FusionAuth has been configured with a valid email server configuration FusionAuth will be unable to send email. This means features such as Forgot Password, Change Password, Verify Email and User Actions configured to send emails will not function. See the [Configure Email](/docs/customize/email-and-messages/configure-email) section for additional details. 
+ +First Time Setup email server + +### Activate license +Activating your license gives you access to everything you've purchased. You can find your license key in your [FusionAuth Account](https://account.fusionauth.io/account/plan/). If you are using the community version, just skip this step and enjoy FusionAuth! + +See the [Licensing](/docs/get-started/core-concepts/licensing) section for additional details and how to activate your license at a later time. + +First Time Setup license + +### Summary +Use the summary settings to get your Application working with FusionAuth. You can find this information later from the [Application OAuth settings](/docs/lifecycle/authenticate-users/oauth/). + +First Time Setup summary diff --git a/astro/src/content/docs/_shared/_theme_template_variables.astro b/astro/src/content/docs/_shared/_theme_template_variables.astro index 4ff4622fef..c1f04fd926 100644 --- a/astro/src/content/docs/_shared/_theme_template_variables.astro +++ b/astro/src/content/docs/_shared/_theme_template_variables.astro @@ -14,7 +14,7 @@ const makeId = (name) => { return name.toLowerCase().replaceAll(' ', '-') }; {templates.filter((t) => t.onlyAPI === undefined).map((t) =>

{t.displayName}

- {t.version && } + {t.version && } {t.path && }

Variables

{!t.variables &&

No template specific variables.

} diff --git a/astro/src/content/docs/_shared/_theme_templates.astro b/astro/src/content/docs/_shared/_theme_templates.astro index 0813c7828a..c922675fd2 100644 --- a/astro/src/content/docs/_shared/_theme_templates.astro +++ b/astro/src/content/docs/_shared/_theme_templates.astro @@ -1,13 +1,14 @@ --- import templates from 'src/content/json/themes/templates.json'; import APIField from 'src/components/api/APIField.astro'; +import URI from 'src/components/URI.astro'; import { marked } from 'marked'; -templates.sort((a, b) => { return a.fieldName.toUpperCase().localeCompare(b.fieldName.toUpperCase())}); +templates.sort((a, b) => { return a.fieldName.toUpperCase().localeCompare(b.fieldName.toUpperCase())}); --- -{templates.filter((t) => t.onlyAPI === undefined).map((t) => +{templates.filter((t) => t.onlyAPI === undefined).map((t) => - {t.path} + {t.path} )} diff --git a/astro/src/content/docs/_shared/_user-info-response.mdx b/astro/src/content/docs/_shared/_user-info-response.mdx deleted file mode 100644 index 2fcd7be13c..0000000000 --- a/astro/src/content/docs/_shared/_user-info-response.mdx +++ /dev/null 
@@ -1,89 +0,0 @@ -import APIBlock from 'src/components/api/APIBlock.astro'; -import APIField from 'src/components/api/APIField.astro'; -import InlineField from 'src/components/InlineField.astro'; - - - - The unique Id of the Application for which the User has been authenticated. - - - The birthDate of the User if available. - Format will be in `YYYY-MM-DD` as defined by the OpenID Connect core specification. - - - The birthDate of the User if available. - Format will be in `YYYY-MM-DD` as defined by the OpenID Connect core specification. - - - The email address of the User. - - - Indicates if the User's email has been verified. - - - The last name of the User if available. - - - The last name of the User if available. - - - The first name of the User if available. - - - The first name of the User if available. - - - The full name of the User if available. - - - The full name of the User if available. - - - The middle name of the User if available - - - The middle name of the User if available - - - The phone number of the User if available. - - - The phone number of the User if available. - - - A URL to a picture of the User if available. - - - A URL to a picture of the User if available. - - - The username of the User if available. - - - The username of the User if available. - - - The roles assigned to the User in the authenticated Application. - - - The subject of the access token. - This value is equal to the User's unique Id in FusionAuth. - - - -```json title="Example JSON Response" -{ - "applicationId": "3c219e58-ed0e-4b18-ad48-f4f92793ae32", - "birthdate": "1982-03-10", - "email": "richard@pipedpuper.com", - "email_verified": true, - "family_name": "Hendricks", - "given_name": "Richard", - "phone_number": "555-555-5555", - "picture": "http://www.piedpiper.com/app/themes/pied-piper/dist/images/photo-richard.png", - "roles": [ - "admin" - ], - "sub": "858a4b01-62c8-4c2f-bfa7-6d018833bea7" -} -``` \ No newline at end of file 
diff --git a/astro/src/content/docs/_shared/_user-search-limits.mdx b/astro/src/content/docs/_shared/_user-search-limits.mdx index d1fda14cda..e42b3b4af7 100644 --- a/astro/src/content/docs/_shared/_user-search-limits.mdx +++ b/astro/src/content/docs/_shared/_user-search-limits.mdx @@ -1,4 +1,4 @@ -You cannot filter search results in FusionAuth to only return certain fields. Instead you must do this through post-processing. So if you want to retrieve only the `firstName` and `birthDate` fields of a set of users, the results will give you each entire user object and you must select desired fields. You can use the JSON processing facilities in your chosen language to do so, or use a tool such as [jq](https://stedolan.github.io/jq/). +You cannot filter search results in FusionAuth to only return certain fields. Instead you must do this through post-processing. So if you want to retrieve only the `firstName` and `birthDate` fields of a set of users, the results will give you each entire user object and you must select desired fields. You can use the JSON processing facilities in your chosen language to do so, or use a tool such as [`jq`](https://stedolan.github.io/jq/). Prior to version 1.48.0, when using the Elasticsearch search engine, the maximum number of users returned for any search is 10,000 users. For versions 1.48.0 and later, there is no limit on the number of users which can be returned if you paginate through the results. diff --git a/astro/src/content/docs/_shared/_userinfo-aud-claim-limits.mdx b/astro/src/content/docs/_shared/_userinfo-aud-claim-limits.mdx new file mode 100644 index 0000000000..b46f60f336 --- /dev/null +++ b/astro/src/content/docs/_shared/_userinfo-aud-claim-limits.mdx 
@@ -0,0 +1,3 @@
+In version `1.50.0` and later, the `aud` claim is required for all tokens. The `aud` claim value, or the first value in the case where the claim contains a list, must correspond to an active Application.
+
+If you have a token that was not obtained from an OAuth flow and does not contain the `aud` claim, consider adding the claim or using the [JWT Validate API](/docs/apis/jwt#validate-a-jwt) instead.
\ No newline at end of file
diff --git a/astro/src/content/docs/_shared/_userinfo-response.mdx b/astro/src/content/docs/_shared/_userinfo-response.mdx
new file mode 100644
index 0000000000..899097c407
--- /dev/null
+++ b/astro/src/content/docs/_shared/_userinfo-response.mdx
@@ -0,0 +1,142 @@ +import APIBlock from 'src/components/api/APIBlock.astro'; +import APIField from 'src/components/api/APIField.astro'; +import InlineField from 'src/components/InlineField.astro'; + + + + The unique Id of the Application for which the User has been authenticated. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is not populated. + + + The birthDate of the User if available. + Format will be in `YYYY-MM-DD` as defined by the OpenID Connect core specification. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The birthDate of the User if available. + Format will be in `YYYY-MM-DD` as defined by the OpenID Connect core specification. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The email address of the User. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `email` scope. + + + Indicates if the User's email has been verified. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `email` scope. + + + The last name of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The last name of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The first name of the User if available. 
+ + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The first name of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The full name of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The full name of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The middle name of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The middle name of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The phone number of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `phone` scope. + + + The phone number of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `phone` scope. + + + A URL to a picture of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + A URL to a picture of the User if available. 
+ + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The username of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The username of the User if available. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is only populated when the provided token contains the `profile` scope. + + + The roles assigned to the User in the authenticated Application. + + In version `1.50.0` and later, when the Scope handling policy is `Strict`, this field is not populated. + + + The subject of the access token. + This value is equal to the User's unique Id in FusionAuth. + + + +```json title="Example JSON Response With Compatibility Scope Handling" +{ + "applicationId": "3c219e58-ed0e-4b18-ad48-f4f92793ae32", + "birthdate": "1982-03-10", + "email": "richard@piedpiper.com", + "email_verified": true, + "family_name": "Hendricks", + "given_name": "Richard", + "phone_number": "555-555-5555", + "picture": "http://www.piedpiper.com/app/themes/pied-piper/dist/images/photo-richard.png", + "roles": [ + "admin" + ], + "sub": "858a4b01-62c8-4c2f-bfa7-6d018833bea7" +} +``` + +```json title="Example JSON Response With Strict Scope Handling And The profile, email And phone Scopes In The Token" +{ + "birthdate": "1982-03-10", + "email": "richard@pipedpiper.com", + "email_verified": true, + "family_name": "Hendricks", + "given_name": "Richard", + "phone_number": "555-555-5555", + "picture": "http://www.piedpiper.com/app/themes/pied-piper/dist/images/photo-richard.png", + "sub": "858a4b01-62c8-4c2f-bfa7-6d018833bea7" +} +``` \ No newline at end of file 
diff --git a/astro/src/content/docs/_shared/_xmlSignatureC14nMethod-values.mdx b/astro/src/content/docs/_shared/_xmlSignatureC14nMethod-values.mdx index b97cc80d4c..2f10acf9e1 100644 --- a/astro/src/content/docs/_shared/_xmlSignatureC14nMethod-values.mdx +++ b/astro/src/content/docs/_shared/_xmlSignatureC14nMethod-values.mdx @@ -1,10 +1,6 @@ The possible values are: -+ -* `exclusive` -** The URI for this method is http://www.w3.org/2001/10/xml-exc-c14n# -* `exclusive_with_comments` -** The URI for this method is http://www.w3.org/2001/10/xml-exc-c14n#WithComments -* `inclusive` -** The URI for this method is http://www.w3.org/TR/2001/REC-xml-c14n-20010315 -* `inclusive_with_comments` -** The URI for this method is http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments + +* `exclusive`: The URI for this method is `http://www.w3.org/2001/10/xml-exc-c14n#` +* `exclusive_with_comments`: The URI for this method is `http://www.w3.org/2001/10/xml-exc-c14n#WithComments` +* `inclusive`: The URI for this method is `http://www.w3.org/TR/2001/REC-xml-c14n-20010315` +* `inclusive_with_comments`: The URI for this method is `http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments` diff --git a/astro/src/content/docs/_shared/email/_breached-password-html.mdx b/astro/src/content/docs/_shared/email/_breached-password-html.mdx index 1a2cda4f2e..c3190fe854 100644 --- a/astro/src/content/docs/_shared/email/_breached-password-html.mdx +++ b/astro/src/content/docs/_shared/email/_breached-password-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_breached-password-txt.mdx b/astro/src/content/docs/_shared/email/_breached-password-txt.mdx index 49895c9bad..58cf66c9b7 100644 --- a/astro/src/content/docs/_shared/email/_breached-password-txt.mdx +++ b/astro/src/content/docs/_shared/email/_breached-password-txt.mdx 
@@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_change-password-html.mdx b/astro/src/content/docs/_shared/email/_change-password-html.mdx index 0a6b737c5a..33d09860e0 100644 --- a/astro/src/content/docs/_shared/email/_change-password-html.mdx +++ b/astro/src/content/docs/_shared/email/_change-password-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_change-password-txt.mdx b/astro/src/content/docs/_shared/email/_change-password-txt.mdx index 2f7621188d..151cc343b6 100644 --- a/astro/src/content/docs/_shared/email/_change-password-txt.mdx +++ b/astro/src/content/docs/_shared/email/_change-password-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_confirm-child-html.mdx b/astro/src/content/docs/_shared/email/_confirm-child-html.mdx index 2b902159e9..ebba947ada 100644 --- a/astro/src/content/docs/_shared/email/_confirm-child-html.mdx +++ b/astro/src/content/docs/_shared/email/_confirm-child-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_confirm-child-txt.mdx b/astro/src/content/docs/_shared/email/_confirm-child-txt.mdx index cb3052e361..c4b7f87e71 100644 --- a/astro/src/content/docs/_shared/email/_confirm-child-txt.mdx +++ b/astro/src/content/docs/_shared/email/_confirm-child-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_coppa-email-plus-notice-html.mdx b/astro/src/content/docs/_shared/email/_coppa-email-plus-notice-html.mdx index 6d149b4b23..6014d6b349 100644 
--- a/astro/src/content/docs/_shared/email/_coppa-email-plus-notice-html.mdx +++ b/astro/src/content/docs/_shared/email/_coppa-email-plus-notice-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_coppa-email-plus-notice-txt.mdx b/astro/src/content/docs/_shared/email/_coppa-email-plus-notice-txt.mdx index 568cd1a550..09de21c5f4 100644 --- a/astro/src/content/docs/_shared/email/_coppa-email-plus-notice-txt.mdx +++ b/astro/src/content/docs/_shared/email/_coppa-email-plus-notice-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_coppa-notice-html.mdx b/astro/src/content/docs/_shared/email/_coppa-notice-html.mdx index ad7d9b7913..34e89ad8ed 100644 --- a/astro/src/content/docs/_shared/email/_coppa-notice-html.mdx +++ b/astro/src/content/docs/_shared/email/_coppa-notice-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_coppa-notice-txt.mdx b/astro/src/content/docs/_shared/email/_coppa-notice-txt.mdx index 2bf0d44638..55f430fafd 100644 --- a/astro/src/content/docs/_shared/email/_coppa-notice-txt.mdx +++ b/astro/src/content/docs/_shared/email/_coppa-notice-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_email-verification-html.mdx b/astro/src/content/docs/_shared/email/_email-verification-html.mdx index a023d18dda..b1dc666da0 100644 --- a/astro/src/content/docs/_shared/email/_email-verification-html.mdx +++ b/astro/src/content/docs/_shared/email/_email-verification-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file 
diff --git a/astro/src/content/docs/_shared/email/_email-verification-txt.mdx b/astro/src/content/docs/_shared/email/_email-verification-txt.mdx index ea231f712b..345c1c0344 100644 --- a/astro/src/content/docs/_shared/email/_email-verification-txt.mdx +++ b/astro/src/content/docs/_shared/email/_email-verification-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_parent-registration-html.mdx b/astro/src/content/docs/_shared/email/_parent-registration-html.mdx index fea52ed9eb..578dbc2929 100644 --- a/astro/src/content/docs/_shared/email/_parent-registration-html.mdx +++ b/astro/src/content/docs/_shared/email/_parent-registration-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_parent-registration-txt.mdx b/astro/src/content/docs/_shared/email/_parent-registration-txt.mdx index d2095b2de1..2cdb475653 100644 --- a/astro/src/content/docs/_shared/email/_parent-registration-txt.mdx +++ b/astro/src/content/docs/_shared/email/_parent-registration-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_passwordless-login-html.mdx b/astro/src/content/docs/_shared/email/_passwordless-login-html.mdx index d63d1cdaff..b634f20acd 100644 --- a/astro/src/content/docs/_shared/email/_passwordless-login-html.mdx +++ b/astro/src/content/docs/_shared/email/_passwordless-login-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_passwordless-login-txt.mdx b/astro/src/content/docs/_shared/email/_passwordless-login-txt.mdx index 88a739be4a..989a9676cd 100644 --- a/astro/src/content/docs/_shared/email/_passwordless-login-txt.mdx 
+++ b/astro/src/content/docs/_shared/email/_passwordless-login-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_registration-verification-html.mdx b/astro/src/content/docs/_shared/email/_registration-verification-html.mdx index 3c3337d719..df192bf2ff 100644 --- a/astro/src/content/docs/_shared/email/_registration-verification-html.mdx +++ b/astro/src/content/docs/_shared/email/_registration-verification-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_registration-verification-txt.mdx b/astro/src/content/docs/_shared/email/_registration-verification-txt.mdx index 32e92caa6f..c35ebe9bf3 100644 --- a/astro/src/content/docs/_shared/email/_registration-verification-txt.mdx +++ b/astro/src/content/docs/_shared/email/_registration-verification-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_setup-password-html.mdx b/astro/src/content/docs/_shared/email/_setup-password-html.mdx index 5c775710b7..95d70b6a97 100644 --- a/astro/src/content/docs/_shared/email/_setup-password-html.mdx +++ b/astro/src/content/docs/_shared/email/_setup-password-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_setup-password-txt.mdx b/astro/src/content/docs/_shared/email/_setup-password-txt.mdx index 7bfebdfbae..76a8c6bf19 100644 --- a/astro/src/content/docs/_shared/email/_setup-password-txt.mdx +++ b/astro/src/content/docs/_shared/email/_setup-password-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file 
diff --git a/astro/src/content/docs/_shared/email/_threat-detected-html.mdx b/astro/src/content/docs/_shared/email/_threat-detected-html.mdx index 7b4932e939..06cae8a42a 100644 --- a/astro/src/content/docs/_shared/email/_threat-detected-html.mdx +++ b/astro/src/content/docs/_shared/email/_threat-detected-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_threat-detected-txt.mdx b/astro/src/content/docs/_shared/email/_threat-detected-txt.mdx index 8d0b38d05b..d93fc95a9c 100644 --- a/astro/src/content/docs/_shared/email/_threat-detected-txt.mdx +++ b/astro/src/content/docs/_shared/email/_threat-detected-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_two-factor-add-html.mdx b/astro/src/content/docs/_shared/email/_two-factor-add-html.mdx index d2457f3c9b..77717794ab 100644 --- a/astro/src/content/docs/_shared/email/_two-factor-add-html.mdx +++ b/astro/src/content/docs/_shared/email/_two-factor-add-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_two-factor-add-txt.mdx b/astro/src/content/docs/_shared/email/_two-factor-add-txt.mdx index db1b850284..6fe5561621 100644 --- a/astro/src/content/docs/_shared/email/_two-factor-add-txt.mdx +++ b/astro/src/content/docs/_shared/email/_two-factor-add-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_two-factor-login-html.mdx b/astro/src/content/docs/_shared/email/_two-factor-login-html.mdx index 33f9704e0f..16c6a3eeec 100644 --- a/astro/src/content/docs/_shared/email/_two-factor-login-html.mdx +++ b/astro/src/content/docs/_shared/email/_two-factor-login-html.mdx 
@@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_two-factor-login-txt.mdx b/astro/src/content/docs/_shared/email/_two-factor-login-txt.mdx index 0099d531dc..ced7f15c27 100644 --- a/astro/src/content/docs/_shared/email/_two-factor-login-txt.mdx +++ b/astro/src/content/docs/_shared/email/_two-factor-login-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_two-factor-remove-html.mdx b/astro/src/content/docs/_shared/email/_two-factor-remove-html.mdx index a381d5d00a..a4b08c3b2b 100644 --- a/astro/src/content/docs/_shared/email/_two-factor-remove-html.mdx +++ b/astro/src/content/docs/_shared/email/_two-factor-remove-html.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/_two-factor-remove-txt.mdx b/astro/src/content/docs/_shared/email/_two-factor-remove-txt.mdx index 7b8be71eb4..e3294cd160 100644 --- a/astro/src/content/docs/_shared/email/_two-factor-remove-txt.mdx +++ b/astro/src/content/docs/_shared/email/_two-factor-remove-txt.mdx @@ -1,5 +1,5 @@ import {RemoteCode} from '@fusionauth/astro-components'; - \ No newline at end of file diff --git a/astro/src/content/docs/_shared/email/template_url_list b/astro/src/content/docs/_shared/email/template_url_list index 279b6eb429..e22b9d1e03 100644 --- a/astro/src/content/docs/_shared/email/template_url_list +++ b/astro/src/content/docs/_shared/email/template_url_list 
@@ -1,28 +1,28 @@
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/breached-password.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/breached-password.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/confirm-child.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/confirm-child.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/coppa-notice.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/coppa-notice.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/coppa-email-plus-notice.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/coppa-email-plus-notice.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/email-verification.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/email-verification.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/change-password.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/change-password.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/parent-registration.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/parent-registration.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/passwordless-login.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/passwordless-login.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/registration-verification.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/registration-verification.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/setup-password.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/setup-password.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/threat-detected.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/threat-detected.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/two-factor-login.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/two-factor-login.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/two-factor-add.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/two-factor-add.txt.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/two-factor-remove.html.ftl
-https://raw.githubusercontent.com/FusionAuth/fusionauth-site/master/astro/src/content/docs/_shared/email/two-factor-remove.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/breached-password.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/breached-password.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/confirm-child.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/confirm-child.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/coppa-notice.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/coppa-notice.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/coppa-email-plus-notice.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/coppa-email-plus-notice.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/email-verification.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/email-verification.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/change-password.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/change-password.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/parent-registration.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/parent-registration.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/passwordless-login.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/passwordless-login.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/registration-verification.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/registration-verification.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/setup-password.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/setup-password.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/threat-detected.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/threat-detected.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/two-factor-login.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/two-factor-login.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/two-factor-add.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/two-factor-add.txt.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/two-factor-remove.html.ftl
+https://raw.githubusercontent.com/FusionAuth/fusionauth-site/main/astro/src/content/docs/_shared/email/two-factor-remove.txt.ftl
diff --git a/astro/src/content/docs/apis/_api-key-cross-tenant-note.mdx b/astro/src/content/docs/apis/_api-key-cross-tenant-note.mdx
new file mode 100644
index 0000000000..85a91584b2
--- /dev/null
+++ b/astro/src/content/docs/apis/_api-key-cross-tenant-note.mdx
@@ -0,0 +1 @@ +Tenant scoped keys can retrieve configuration for FusionAuth entities such as identity providers and lambdas that may be shared between tenants. Limit the API key by specifying required endpoints and permissions as well as the tenant. diff --git a/astro/src/content/docs/apis/_apikey-post-put-request-body.mdx b/astro/src/content/docs/apis/_apikey-post-put-request-body.mdx index c099a923c0..18115bb74e 100644 --- a/astro/src/content/docs/apis/_apikey-post-put-request-body.mdx +++ b/astro/src/content/docs/apis/_apikey-post-put-request-body.mdx @@ -1,5 +1,6 @@ import APIBlock from 'src/components/api/APIBlock.astro'; import APIField from 'src/components/api/APIField.astro'; +import APIKeyCrossTenantNote from 'src/content/docs/apis/_api-key-cross-tenant-note.mdx'; import JSON from 'src/components/JSON.astro'; import EnterpriseEditionBlurbApi from 'src/content/docs/_shared/_enterprise-edition-blurb-api.astro'; @@ -22,9 +23,11 @@ import EnterpriseEditionBlurbApi from 'src/content/docs/_shared/_enterprise-edit The unique Id of the Tenant. This value is required if the key is meant to be tenant scoped. Tenant scoped keys can only be used to access users and other tenant scoped objects for the specified tenant. This value is read-only once the key is created. + +
{ props.apikey_create_request && } -{ props.apikey_update_request && } \ No newline at end of file +{ props.apikey_update_request && } diff --git a/astro/src/content/docs/apis/_application-oauth-configuration-response-body.mdx b/astro/src/content/docs/apis/_application-oauth-configuration-response-body.mdx index 691dd745a0..1694e30fa2 100644 --- a/astro/src/content/docs/apis/_application-oauth-configuration-response-body.mdx +++ b/astro/src/content/docs/apis/_application-oauth-configuration-response-body.mdx @@ -45,6 +45,15 @@ import JSON from 'src/components/JSON.astro'; The OAuth client secret. This field will only be provided when the request was authenticated using an API key. + + Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when oauthConfiguration.relationship is `ThirdParty`. + + The possible values are: + + * `AlwaysPrompt` - Always prompt the user for consent. + * `RememberDecision` - Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant's externalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds value. + * `NeverPrompt` - The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were a `FirstParty` application. This configuration is meant for testing purposes only and should not be used in production. + The device verification URL to be used with the Device Code grant type. 
@@ -80,10 +89,42 @@ import JSON from 'src/components/JSON.astro'; The possible values are: - + + + + Whether the `address` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `address` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + Whether the `email` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `email` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + Whether the `phone` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `phone` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + Whether the `profile` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `profile` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + The application's relationship to the authorization server. + + The possible values are: + + * `FirstParty` - The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly. + * `ThirdParty` - The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on oauthConfiguration.consentMode. - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the cloient must provide client credentials when using the Token endpoint. The `client_id` and `client_secret` may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data. + Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. 
The `client_id` and `client_secret` may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data. In version 1.28.0 and beyond, client authentication can be managed via oauthConfiguration.clientAuthenticationPolicy. @@ -91,6 +132,23 @@ import JSON from 'src/components/JSON.astro'; Determines if the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not affect any other grant, and does not affect the API usage. + + Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. + + The possible values are: + + * `Compatibility` - OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0. + * `Strict` - OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes. + + + Controls the policy for handling unknown scopes on an OAuth request. + + The possible values are: + + * `Allow` - Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent. + * `Remove` - Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them. + * `Reject` - Unknown scopes will be rejected and cause the OAuth workflow to fail with an error. + diff --git a/astro/src/content/docs/apis/_application-request-body.mdx b/astro/src/content/docs/apis/_application-request-body.mdx index 8b2de11a68..d9cb474394 100644 --- a/astro/src/content/docs/apis/_application-request-body.mdx +++ b/astro/src/content/docs/apis/_application-request-body.mdx 
@@ -1,3 +1,4 @@ +import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition-blurb-api.astro'; import APIBlock from 'src/components/api/APIBlock.astro'; import APIField from 'src/components/api/APIField.astro'; import DeprecatedSince from 'src/components/api/DeprecatedSince.astro'; @@ -13,7 +14,6 @@ import ApplicationOauthconfigurationClientauthenticationpolicy from 'src/content import ApplicationOauthconfigurationProofkeyforcodeexchangepolicy from 'src/content/docs/apis/_application-oauthConfiguration-proofKeyForCodeExchangePolicy.mdx'; import Xmlsignaturec14nmethodDescription from 'src/content/docs/apis/_xmlSignatureC14nMethod-description.mdx'; import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignatureC14nMethod-values.mdx'; -import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition-blurb-api.astro'; #### Request Body @@ -21,7 +21,7 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- The Id of the [IP Access Control List](/docs/apis/ip-acl) limiting access to this application. - + Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application. @@ -42,7 +42,7 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- - + The time in seconds until an issued Two Factor trust Id is no longer valid and the User will be required to complete Two Factor authentication 
@@ -50,17 +50,17 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- When this value is not defined, the value defined by tenant.externalIdentifierConfiguration.twoFactorTrustIdTimeToLiveInSeconds is utilized. When this value is defined it will override the tenant configured value. - This configuration is only utilized when application.multiFactorConfiguration.loginPolicy is enabled. + This configuration is only utilized when application.multiFactorConfiguration.loginPolicy is `Enabled` or `Required`. When enabled a user will be required to provide their current password when changing their password on a self-service account form. - + - The unique Id of the form to to enable authenticated users to manage their profile on the account page. + The unique Id of the form to enable authenticated users to manage their profile on the account page. - + The Id of the signing key used to sign the access token. @@ -113,6 +113,14 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- Required when `enabled` is set to `true`. + + + The refresh token usage policy. The following are valid values: + + * `Reusable` - the token does not change after it was issued. + * `OneTimeUse` - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. + + The secret used when an `HMAC` based signing algorithm has been selected. This secret is used to sign and verify JWTs. 
@@ -132,12 +140,15 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request. - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request. + The Id of the Lambda that will be invoked when a SAML response is generated during a SAML authentication request. The unique Id of the lambda that will be used to perform additional validation on registration form steps. - + + + + The Id of the Lambda that will be invoked when a UserInfo response is generated for this application. Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the `generateRefreshTokens` parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the [Refresh API](/docs/apis/jwt#refresh-a-jwt). @@ -157,7 +168,7 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- The Id of the email template that is used when notifying a user to complete a multi-factor authentication request. - + When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. When configured, this value overrides the value configured by the tenant.multiFactorConfiguration.loginPolicy. 
@@ -167,12 +178,14 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- * `Enabled` - Require a two-factor challenge during login when an eligible method is available. * `Disabled` - Do not require a two-factor challenge during login. * `Required` - Require a two-factor challenge during login. A user will be required to configure 2FA if no eligible methods are available. Available since 1.42.0 + + While this configuration requires a license, in version `1.49.0` or later it may be enabled for the FusionAuth admin application regardless of the license state. The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request. - When application.multiFactorConfiguration.loginPolicy is set to `Enabled`, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. + When application.multiFactorConfiguration.loginPolicy is set to `Enabled` or `Required`, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. For example, a normal two-factor login flow will result in a trust Id being returned if you set trustComputer equal to `true` when completing a Two Factor Login. The returned Trust identifier can be used on subsequent Login requests to keep from being required to complete a Two-Factor login. This configuration determines if that trust value can be utilized for another application. 
@@ -239,6 +252,15 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored. + + Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when application.oauthConfiguration.relationship is `ThirdParty`. + + The possible values are: + + * `AlwaysPrompt` - Always prompt the user for consent. + * `RememberDecision` - Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant's externalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds value. + * `NeverPrompt` - The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were a `FirstParty` application. This configuration is meant for testing purposes only and should not be used in production. + Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant. 
@@ -279,6 +301,40 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- + + Whether the `address` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `address` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + Whether the `email` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `email` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + Whether the `phone` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `phone` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + Whether the `profile` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `profile` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + The application's relationship to the OAuth server. + + The possible values are: + + * `FirstParty` - The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly. + * `ThirdParty` - The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object's oauthConfiguration.consentMode value. + + + Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The `client_id` and `client_secret` may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data. 
@@ -288,6 +344,23 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not affect any other grant, and does not affect the API usage. + + Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. + + The possible values are: + + * `Compatibility` - OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0. + * `Strict` - OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes. + + + Controls the policy for handling unknown scopes on an OAuth request. + + The possible values are: + + * `Allow` - Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent. + * `Remove` - Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them. + * `Reject` - Unknown scopes will be rejected and cause the OAuth workflow to fail with an error. + Determines if passwordless login is enabled for this application. 
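Review bot: The `Allow` bullet says unknown scopes are "written to the resulting tokens without consent" but gives no caveat about what that means for an API that authorizes on the token's scopes. I would append `Scopes passed through this way were never consented to by the user, so resource servers should not treat them as granted permissions.` The visible text also does not say which of `Allow`, `Remove` or `Reject` applies when the field is omitted (the field tag's attributes are not shown in this rendering, so this may already be covered), and the `Compatibility` bullet does not say how claims relate to requested scopes in that mode. The same two field descriptions are added in `_application-response-body-base.mdx` (hunk `@@ -221,6 +279,23 @@`).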
@@ -367,22 +440,22 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- The number of days from registration a user's registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to `true`. Value must be greater than 0. - + An array of Role objects. - + A description for the role. - + The Id of the Role. - + The name of the Role. - + Whether or not the Role is a default role. A default role is automatically assigned to a user during registration if no roles are provided. - + Whether or not the Role is a considered to be a super user role. This is a marker to indicate that it supersedes all other roles. FusionAuth will attempt to enforce this contract when using the web UI, it is not enforced programmatically when using the API. 
@@ -450,7 +523,7 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- One or more authorized URLS that may be specified by the SAML v2 Service Provider in the Authentication request `[AssertionConsumerServiceURL]` element. If a requested URL is not in this list the request will be rejected by FusionAuth. - This is the URL that FusionAuth will send the SAML response during a SAML login request, this URL is also referred to as the Assertion Consumer Service or ACS). If the the Authentication request does not contain the `[AssertionConsumerServiceURL]` element, the first URL found in this list will be used to send the SAML response back to the Service Provider. + This is the URL that FusionAuth will send the SAML response during a SAML login request, this URL is also referred to as the Assertion Consumer Service or ACS). If the Authentication request does not contain the `[AssertionConsumerServiceURL]` element, the first URL found in this list will be used to send the SAML response back to the Service Provider. If the application.samlv2Configuration.initiatedLogin.enabled is `true`, the particular URL where the user will end up after successful login can be configured by appending a parameter to the `Initiate login URL`. The parameter must be either `redirect_uri` or `RelayState`. The value should be a URL encoded URL present in this field. If both `RelayState` and `redirect_uri` are present `redirect_uri` will be ignored in favor of `RelayState`. 
@@ -559,10 +632,32 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- In most cases the default configuration will be adequate. If you encounter a SAML v2 Service Provider that requires the signature to be a child of the Response, use this configuration to change the signature location. Prior to version `1.21.0`, the XML signature was always located as a child element of the Assertion when the response was successful. + + An array of OAuth Scope objects. + + + + The default detail to display on the OAuth consent screen if one cannot be found in the theme. + + + The default message to display on the OAuth consent screen if one cannot be found in the theme. + + + A description of the OAuth Scope for internal use. + + + The Id of the OAuth Scope. + + + The name of the OAuth Scope. This is the value that will be used to request the scope in OAuth workflows. + + + Determines if the OAuth Scope is required when requested in an OAuth workflow. + The unique Id of the theme to be used to style the login page and other end user templates. - + The Id of the Email Template that is used to send the Registration Verification emails to users. If the `verifyRegistration` field is `true` this field is required. 
@@ -572,15 +667,15 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is `false`. - + Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is `false`, WebAuthn workflows will be enabled based on the Tenant configuration. If `true`, WebAuthn workflows will be enabled according to the configuration of this application. - + Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is `false`. - + An array of Webhook Ids. For Webhooks that are not already configured for All Applications, specifying an Id on this request will indicate the associated Webhook should handle events for this application. @@ -589,6 +684,6 @@ import AdvancedEditionBlurbApi from 'src/content/docs/_shared/_advanced-edition- -{ props.includeRoles && } +{ props.is_create && } -{ !props.includeRoles && } +{ !props.is_create && } diff --git a/astro/src/content/docs/apis/_application-response-body-base.mdx b/astro/src/content/docs/apis/_application-response-body-base.mdx index 7abc84af45..003e7c3841 100644 --- a/astro/src/content/docs/apis/_application-response-body-base.mdx +++ b/astro/src/content/docs/apis/_application-response-body-base.mdx 
@@ -55,7 +55,7 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature When enabled a user will be required to provide their current password when changing their password on a self-service account form. - The unique Id of the form to to enable authenticated users to manage their profile on the account page. + The unique Id of the form to enable authenticated users to manage their profile on the account page. The unique identifier for this Application. 
@@ -96,32 +96,49 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature * `SlidingWindow` - the expiration is calculated from the last time the token was used. * `SlidingWindowWithMaximumLifetime` - the expiration is calculated from the last time the token was used, or until the maximumTimeToLiveInMinutes is reached. Available since 1.46.0 + The maximum lifetime of a refresh token when using a refreshTokenExpirationPolicy of `SlidingWindowWithMaximumLifetime`. + The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT. + + + The refresh token usage policy. The following are valid values: + + * `Reusable` - the token does not change after it was issued. + * `OneTimeUse` - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. + + The secret used when an `HMAC` based signing algorithm has been selected. This secret is used to sign and verify JWTs. In version 1.5.0 and beyond, when selecting an `HMAC` algorithm, the `client_secret` from the OAuth configuration will be used to sign and verify the JWTs. + The length of time in seconds the JWT will live before it is expired and no longer valid. + The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API. + The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request. + - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request. + The Id of the Lambda that will be invoked when a SAML response is generated during a SAML authentication request. 
The unique Id of the lambda that will be used to perform additional validation on registration form steps. + + The Id of the Lambda that will be invoked when a UserInfo response is generated for this application. + The [instant](/docs/reference/data-types#instants) that the Application was last updated in the FusionAuth database. @@ -172,6 +189,15 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature The OAuth client secret. + + Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when {props.base_field_name + ".oauthConfiguration.relationship"} is `ThirdParty`. + + The possible values are: + + * `AlwaysPrompt` - Always prompt the user for consent. + * `RememberDecision` - Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant's externalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds value. + * `NeverPrompt` - The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were a `FirstParty` application. This configuration is meant for testing purposes only and should not be used in production. + Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant. 
@@ -212,8 +238,40 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature + + Whether the `address` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `address` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + Whether the `email` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `email` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + Whether the `phone` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `phone` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + Whether the `profile` OAuth scope provided by FusionAuth is enabled for this application. + + + Whether consent to the `profile` OAuth scope provided by FusionAuth is required for this application when present on the OAuth request. + + + The application's relationship to the OAuth server. + + The possible values are: + + * `FirstParty` - The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly. + * `ThirdParty` - The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on {props.base_field_name + ".oauthConfiguration.consentMode"}. + - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the cloient must provide client credentials when using the Token endpoint. The `client_id` and `client_secret` may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data. + Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. 
The `client_id` and `client_secret` may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data. Deprecated in version 1.28.0 In version 1.28.0 and beyond, client authentication can be managed via {props.base_field_name}.oauthConfiguration.clientAuthenticationPolicy. @@ -221,6 +279,23 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature Determines if the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not affect any other grant, and does not affect the API usage. + + Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. + + The possible values are: + + * `Compatibility` - OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0. + * `Strict` - OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes. + + + Controls the policy for handling unknown scopes on an OAuth request. + + The possible values are: + + * `Allow` - Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent. + * `Remove` - Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them. + * `Reject` - Unknown scopes will be rejected and cause the OAuth workflow to fail with an error. + Determines if passwordless login is enabled for this application. 
@@ -375,7 +450,7 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature One or more authorized URLS that may be specified by the SAML v2 Service Provider in the Authentication request `[AssertionConsumerServiceURL]` element. If a requested URL is not in this list the request will be rejected by FusionAuth. - This is the URL that FusionAuth will send the SAML response during a SAML login request, this URL is also referred to as the Assertion Consumer Service or ACS). If the the Authentication request does not contain the `[AssertionConsumerServiceURL]` element, the first URL found in this list will be used to send the SAML response back to the Service Provider. + This is the URL that FusionAuth will send the SAML response during a SAML login request, this URL is also referred to as the Assertion Consumer Service or ACS). If the Authentication request does not contain the `[AssertionConsumerServiceURL]` element, the first URL found in this list will be used to send the SAML response back to the Service Provider. The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML. 
@@ -467,6 +542,33 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature * `Assertion` - The XML signature will be added as a child element of the Assertion. * `Response` - The XML signature will be added as a child element of the Response. + + An array of OAuth Scope objects. + + + The default detail to display on the OAuth consent screen if one cannot be found in the theme. + + + The default message to display on the OAuth consent screen if one cannot be found in the theme. + + + A description of the OAuth Scope for internal use. + + + The Id of the OAuth Scope. + + + The [instant](/docs/reference/data-types#instants) that the OAuth Scope was added to the FusionAuth database. + + + The [instant](/docs/reference/data-types#instants) that the OAuth Scope was last updated in the FusionAuth database. + + + The name of the OAuth Scope. This is the value that will be used to request the scope in OAuth workflows. + + + Determines if the OAuth Scope is required when requested in an OAuth workflow. + The current state of the application. The following are valid values: @@ -494,7 +596,12 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if {props.base_field_name}.webAuthnConfiguration.enabled is `false`. - + + The available expandable properties that are not expanded in the response. + + For example, if you set the expand request parameter to `[roles]` then the value of this parameter in the response will be `[scopes]` indicating that the `scopes` property was not expanded. + + The total number of Applications matching the search criteria. Use this value along with the numberOfResults and startRow in the Search request to perform pagination. 
@@ -505,7 +612,7 @@ import Xmlsignaturec14nmethodValues from 'src/content/docs/_shared/_xmlSignature {/* Multiple applications result */} {/* With "total" field */} -{ props.base_field_name !== 'application' && props.include_total && } +{ props.base_field_name !== 'application' && props.search_result && } {/* Without "total" field */} -{ props.base_field_name !== 'application' && !props.include_total && } +{ props.base_field_name !== 'application' && !props.search_result && } diff --git a/astro/src/content/docs/apis/_application-search-request-parameters.mdx b/astro/src/content/docs/apis/_application-search-request-parameters.mdx index 4d17ed2f67..e4fbefd514 100644 --- a/astro/src/content/docs/apis/_application-search-request-parameters.mdx +++ b/astro/src/content/docs/apis/_application-search-request-parameters.mdx @@ -5,6 +5,13 @@ import InlineField from 'src/components/InlineField.astro'; {/* parameter_prefix is either blank for parameters or "search." for body */} + + This parameter allows you to optionally remove the `roles` and `scopes` from the API response. Removing these fields from the response may improve performance on large search requests. + + For backwards compatibility, the default behavior will be to return both `roles` and `scopes`. + + To request only the `roles` but omit the `scopes` from the response, provide a value of `[roles]`. To omit both the `roles` and `scopes` from the response, provide a value of `[]`. + The case-insensitive string to search for in the Application name. This can contain wildcards using the asterisk character (`*`). If no wildcards are present, this parameter value will be interpreted as `*value*`. diff --git a/astro/src/content/docs/apis/_applications-response-body.mdx b/astro/src/content/docs/apis/_applications-response-body.mdx index 5bfd2f0774..67fdb0667d 100644 --- a/astro/src/content/docs/apis/_applications-response-body.mdx +++ b/astro/src/content/docs/apis/_applications-response-body.mdx 
@@ -5,4 +5,4 @@ import ApplicationResponseBodyBase from 'src/content/docs/apis/_application-resp {/* these are all used for the configuration of the emailConfiguration section. Shared between application and tenant. */} + base_field_name="applications[x]" search_result={false}/> diff --git a/astro/src/content/docs/apis/_change-pass-response-codes.astro b/astro/src/content/docs/apis/_change-pass-response-codes.astro index a3e177f4c6..e5cc7c49f4 100644 --- a/astro/src/content/docs/apis/_change-pass-response-codes.astro +++ b/astro/src/content/docs/apis/_change-pass-response-codes.astro @@ -1,7 +1,8 @@ --- import JSON from 'src/components/JSON.astro'; --- - +Response Codes +
diff --git a/astro/src/content/docs/apis/_family-pending-response-body.mdx b/astro/src/content/docs/apis/_family-pending-response-body.mdx index 33f1b4fe08..845f7cc3e3 100644 --- a/astro/src/content/docs/apis/_family-pending-response-body.mdx +++ b/astro/src/content/docs/apis/_family-pending-response-body.mdx @@ -75,11 +75,6 @@ import RemovedSince from 'src/components/api/RemovedSince.astro'; The value of the mobile phone for this method. Only present if user.twoFactor.methods``[x]``.method is `sms`. - - A base64 encoded secret - - This field is required when method is `authenticator`. - A list of recovery codes. These may be used in place of a code provided by an MFA factor. They are single use. diff --git a/astro/src/content/docs/apis/_import-users-request-body.mdx b/astro/src/content/docs/apis/_import-users-request-body.mdx index d06677572e..da1d96e9c8 100644 --- a/astro/src/content/docs/apis/_import-users-request-body.mdx +++ b/astro/src/content/docs/apis/_import-users-request-body.mdx @@ -173,7 +173,7 @@ You must provide either the **email** or the **username** field for each User. T An array of locale strings that give, in order, the User's preferred languages for this registration. These are important for email templates and other localizable text. See [Locales](/docs/reference/data-types#locales). - The list of roles that the User has for this registration. + The list of roles that the User has for this registration. The string is the role's `Name` not the role's `Id`, e.g. `admin` or `user-role`. The username of the User for this registration only. @@ -227,7 +227,7 @@ You must provide either the **email** or the **username** field for each User. T The value of the mobile phone for this method. Only present if user.twoFactor.methods``[x]``.method is `sms`. - A base64 encoded secret + A base64 encoded secret. This field is required when method is `authenticator`. 
diff --git a/astro/src/content/docs/apis/_lambda-engine-options.mdx b/astro/src/content/docs/apis/_lambda-engine-options.mdx new file mode 100644 index 0000000000..314570d72a --- /dev/null +++ b/astro/src/content/docs/apis/_lambda-engine-options.mdx @@ -0,0 +1,6 @@ +import DeprecatedSince from 'src/components/api/DeprecatedSince.astro'; +import RemovedSince from 'src/components/api/RemovedSince.astro'; + +The JavaScript execution engine for the lambda. The possible values are: + * `GraalJS` + * `Nashorn` , diff --git a/astro/src/content/docs/apis/_lambda-put-request-body.mdx b/astro/src/content/docs/apis/_lambda-put-request-body.mdx index 7d61acfe89..6af10b0c43 100644 --- a/astro/src/content/docs/apis/_lambda-put-request-body.mdx +++ b/astro/src/content/docs/apis/_lambda-put-request-body.mdx @@ -1,6 +1,7 @@ import APIBlock from 'src/components/api/APIBlock.astro'; import APIField from 'src/components/api/APIField.astro'; import JSON from 'src/components/JSON.astro'; +import LambdaOptions from './_lambda-engine-options.mdx'; ### Request Body @@ -12,15 +13,10 @@ import JSON from 'src/components/JSON.astro'; Whether or not debug event logging is enabled for this Lambda. - Whether or not this Lambda is enabled. - - Not currently used and may be removed in a future version. + This value is not used, and may be removed in a future version. - The JavaScript execution engine for the lambda. The possible values are: - - * `GraalJS` - * `Nashorn` + The name of the lambda. diff --git a/astro/src/content/docs/apis/_lambda-request-body.mdx b/astro/src/content/docs/apis/_lambda-request-body.mdx index 250a9f6369..9b5a139fda 100644 --- a/astro/src/content/docs/apis/_lambda-request-body.mdx +++ b/astro/src/content/docs/apis/_lambda-request-body.mdx @@ -1,5 +1,6 @@ import APIBlock from 'src/components/api/APIBlock.astro'; import APIField from 'src/components/api/APIField.astro'; +import LambdaOptions from './_lambda-engine-options.mdx'; #### Request Body 
@@ -11,15 +12,10 @@ import APIField from 'src/components/api/APIField.astro'; Whether or not debug event logging is enabled for this Lambda. - Whether or not this Lambda is enabled. - - Not currently used and may be removed in a future version. + This value is not used, and may be removed in a future version. - The JavaScript execution engine for the lambda. The possible values are: - - * `GraalJS` - * `Nashorn` + The name of the lambda. diff --git a/astro/src/content/docs/apis/_lambda-response-body.mdx b/astro/src/content/docs/apis/_lambda-response-body.mdx index 3170023ef0..12d6ea84b4 100644 --- a/astro/src/content/docs/apis/_lambda-response-body.mdx +++ b/astro/src/content/docs/apis/_lambda-response-body.mdx @@ -1,5 +1,6 @@ import APIBlock from 'src/components/api/APIBlock.astro'; import APIField from 'src/components/api/APIField.astro'; +import LambdaOptions from './_lambda-engine-options.mdx'; #### Response Body @@ -11,15 +12,10 @@ import APIField from 'src/components/api/APIField.astro'; Whether or not debug event logging is enabled for this Lambda. - Whether or not this Lambda is enabled. - - Not currently used and may be removed in a future version. + This value is not used, and may be removed in a future version. - The JavaScript execution engine for the lambda. The possible values are: - - * `GraalJS` - * `Nashorn` + The Id of the Lambda. diff --git a/astro/src/content/docs/apis/_lambda-responses-body.mdx b/astro/src/content/docs/apis/_lambda-responses-body.mdx index cd2d9c6d50..e713498b72 100644 --- a/astro/src/content/docs/apis/_lambda-responses-body.mdx +++ b/astro/src/content/docs/apis/_lambda-responses-body.mdx @@ -1,5 +1,6 @@ import APIBlock from 'src/components/api/APIBlock.astro'; import APIField from 'src/components/api/APIField.astro'; +import LambdaOptions from './_lambda-engine-options.mdx'; #### Response Body 
@@ -14,15 +15,10 @@ import APIField from 'src/components/api/APIField.astro'; Whether or not debug event logging is enabled for this Lambda. - Whether or not this Lambda is enabled. - - Not currently used and may be removed in a future version. + This value is not used, and may be removed in a future version. - The JavaScript execution engine for the lambda. The possible values are: - - * `GraalJS` - * `Nashorn` + The Id of the Lambda. diff --git a/astro/src/content/docs/apis/_lambda-search-request-parameters.mdx b/astro/src/content/docs/apis/_lambda-search-request-parameters.mdx index 30d50fe209..667d67187d 100644 --- a/astro/src/content/docs/apis/_lambda-search-request-parameters.mdx +++ b/astro/src/content/docs/apis/_lambda-search-request-parameters.mdx @@ -1,6 +1,8 @@ import APIBlock from 'src/components/api/APIBlock.astro'; import APIField from 'src/components/api/APIField.astro'; import InlineField from 'src/components/InlineField.astro'; +import DeprecatedSince from 'src/components/api/DeprecatedSince.astro'; +import RemovedSince from 'src/components/api/RemovedSince.astro'; {/* parameter_prefix is either blank for parameters or "search." for body */} @@ -24,7 +26,7 @@ import InlineField from 'src/components/InlineField.astro'; * `name` - the Lambda name * `engineType` - the JavaScript execution engine for the Lambda * `GraalJS` - * `Nashorn` + * `Nashorn` , The order direction is optional. Possible values of the order direction are `ASC` or `DESC`. If omitted, the default sort order is `ASC`. diff --git a/astro/src/content/docs/apis/_lambda-type-api.astro b/astro/src/content/docs/apis/_lambda-type-api.astro index 1a18e03779..556c401166 100644 --- a/astro/src/content/docs/apis/_lambda-type-api.astro +++ b/astro/src/content/docs/apis/_lambda-type-api.astro 
@@ -2,6 +2,7 @@ import { getEntry } from 'astro:content'; import { LambdaDoc } from 'src/tools/docs'; import APIField from 'src/components/api/APIField.astro'; +import AvailableSince from "../../../components/api/AvailableSince.astro"; const lambdasEntry = await getEntry('json', 'lambdas'); const lambdas: LambdaDoc[] = (lambdasEntry.data as LambdaDoc[]) @@ -16,8 +17,8 @@ const name = `${prefix || ''}type`; { lambdas.map(lambda =>
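Review bot: The added import is written as `import AvailableSince from "../../../components/api/AvailableSince.astro";`, a relative path in double quotes, while the neighbouring `APIField` import in the same frontmatter uses the `src/` alias and single quotes. For consistency I would write `import AvailableSince from 'src/components/api/AvailableSince.astro';`, which resolves to the same component. The frontmatter continues outside the hunk.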
  • { lambda.typeText } - { showSince && lambda.version && available since { lambda.version }} + { showSince && lambda.version && }
  • )} -
    \ No newline at end of file + diff --git a/astro/src/content/docs/apis/_reactor-status-response-body.mdx b/astro/src/content/docs/apis/_reactor-status-response-body.mdx index d20ff50dc1..7504bf4507 100644 --- a/astro/src/content/docs/apis/_reactor-status-response-body.mdx +++ b/astro/src/content/docs/apis/_reactor-status-response-body.mdx @@ -9,27 +9,42 @@ import JSON from 'src/components/JSON.astro'; The status for Advanced Identity Providers. - + The status for Advanced lambda features such Lambda HTTP Connect. - + The status for [Advanced Multi-Factor Authentication](/docs/lifecycle/authenticate-users/multi-factor-authentication). - + + + + The status for Advanced OAuth Scope features. + + + + + The status for creating custom OAuth scopes. + + + + + The status for configuring Applications as third-party to enable OAuth scope consent prompts. + + The status for [Advanced Registration Forms](/docs/lifecycle/register-users/advanced-registration-forms). - + The status for Application scoped Multi-Factor authentication configuration. - + The status for Application Themes. @@ -47,12 +62,12 @@ import JSON from 'src/components/JSON.astro'; The status for [Connectors](/docs/lifecycle/migrate-users/connectors/). - + The status for [Entity Management](/docs/get-started/core-concepts/entity-management). - + If the license is configured to be air-gapped, this value will be returned to indicate the license expiration. An air-gapped license is one that does not require egress network connectivity to the FusionAuth license server. If the license is not configured to be air-gapped, then this field will not be returned in the response. 
@@ -68,27 +83,27 @@ import JSON from 'src/components/JSON.astro'; The status for the SCIM Server features. - + The status for the Threat Detection feature set. - + The status for [WebAuthn](/docs/lifecycle/authenticate-users/passwordless/webauthn-passkeys) features. - + The status for [WebAuthn](/docs/lifecycle/authenticate-users/passwordless/webauthn-passkeys) platform authenticators. - + The status for [WebAuthn](/docs/lifecycle/authenticate-users/passwordless/webauthn-passkeys) roaming, or cross-platform, authenticators. - + diff --git a/astro/src/content/docs/apis/_refresh-token-response-body-base.mdx b/astro/src/content/docs/apis/_refresh-token-response-body-base.mdx index 0503a575f7..ae81dfe345 100644 --- a/astro/src/content/docs/apis/_refresh-token-response-body-base.mdx +++ b/astro/src/content/docs/apis/_refresh-token-response-body-base.mdx @@ -38,7 +38,7 @@ import JSON from 'src/components/JSON.astro'; In version `1.46.0` and beyond, this value can be any string value you'd like, have fun with it! - The scopes associated with this Refresh Token. These are set at authentication when when the Refresh Token is first created. + The scopes associated with this Refresh Token. These are set at authentication when the Refresh Token is first created. The [instant](/docs/reference/data-types#instants) of the start of this Refresh Token. This value will be used to calculate token expiration. diff --git a/astro/src/content/docs/apis/_scope-request-body.mdx b/astro/src/content/docs/apis/_scope-request-body.mdx new file mode 100644 index 0000000000..73d7aafa2e --- /dev/null +++ b/astro/src/content/docs/apis/_scope-request-body.mdx 
@@ -0,0 +1,32 @@
+import APIBlock from 'src/components/api/APIBlock.astro';
+import APIField from 'src/components/api/APIField.astro';
+import JSON from 'src/components/JSON.astro';
+
+#### Request Body
+
+
+
+ An object that can hold any information about the OAuth Scope that should be persisted.
+
+
+ The default detail to display on the OAuth consent screen if one cannot be found in the theme.
+ [Learn more about setting this value using themes.](/docs/customize/look-and-feel/localization#oauth-scope-consent-prompt)
+
+
+ The default message to display on the OAuth consent screen if one cannot be found in the theme.
+ [Learn more about setting this value using themes.](/docs/customize/look-and-feel/localization#oauth-scope-consent-prompt)
+
+
+ A description of the OAuth Scope for internal use.
+
+
+ The name of the OAuth Scope. This is the value that will be used to request the scope in OAuth workflows.
+
+
+ Determines if the OAuth Scope is required when requested in an OAuth workflow.
+
+
+
+{ !props.is_update && }
+
+{ props.is_update && }
diff --git a/astro/src/content/docs/apis/_scope-response-body.mdx b/astro/src/content/docs/apis/_scope-response-body.mdx
new file mode 100644
index 0000000000..6c19869b26
--- /dev/null
+++ b/astro/src/content/docs/apis/_scope-response-body.mdx
@@ -0,0 +1,42 @@
+import APIBlock from 'src/components/api/APIBlock.astro';
+import APIField from 'src/components/api/APIField.astro';
+import JSON from 'src/components/JSON.astro';
+
+#### Response Body
+
+
+
+ The unique Id of the Application.
+
+
+ An object that can hold any information about the OAuth Scope that should be persisted.
+
+
+ The default detail to display on the OAuth consent screen if one cannot be found in the theme.
+
+
+ The default message to display on the OAuth consent screen if one cannot be found in the theme.
+
+
+ A description of the OAuth Scope for internal use.
+
+
+ The unique Id of the OAuth Scope.
+
+
+ The [instant](/docs/reference/data-types#instants) that the OAuth Scope was added to the FusionAuth database.
+
+
+ The [instant](/docs/reference/data-types#instants) that the OAuth Scope was updated in the FusionAuth database.
+
+
+ The name of the OAuth Scope. This is the value that will be used to request the scope in OAuth workflows.
+
+
+ Determines if the OAuth Scope is required when requested in an OAuth workflow.
+
+
+
+{ !props.is_update && }
+
+{ props.is_update && }
\ No newline at end of file
diff --git a/astro/src/content/docs/apis/_system-configuration-request-body.mdx b/astro/src/content/docs/apis/_system-configuration-request-body.mdx
index 9e39f66e31..415b2b9ddd 100644
--- a/astro/src/content/docs/apis/_system-configuration-request-body.mdx
+++ b/astro/src/content/docs/apis/_system-configuration-request-body.mdx
@@ -21,7 +21,15 @@ import JSON from 'src/components/JSON.astro'; The `Access-Control-Allow-Headers` response header values as described by [MDN Access-Control-Allow-Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers). - The `Access-Control-Allow-Methods` response header values as described by [MDN Access-Control-Allow-Methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods). + The `Access-Control-Allow-Methods` response header values as described by [MDN Access-Control-Allow-Methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods). The possible values are: + + * `GET` + * `POST` + * `PUT` + * `DELETE` + * `HEAD` + * `OPTIONS` + * `PATCH` The `Access-Control-Allow-Origin` response header values as described by [MDN Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin). If the wildcard `*` is specified, no additional domains may be specified. @@ -42,7 +50,7 @@ import JSON from 'src/components/JSON.astro'; An object that can hold any information about the System that should be persisted. - The number of events to retain. Once the the number of event logs exceeds this configured value they will be deleted starting with the oldest event logs. + The number of events to retain. Once the number of event logs exceeds this configured value they will be deleted starting with the oldest event logs. Whether or not FusionAuth should delete the login records based upon this configuration. When `true` the loginRecordConfiguration.delete.numberOfDaysToRetain will be used to identify login records that are eligible for deletion. When this value is set to `false` login records will be preserved forever. 
@@ -59,6 +67,20 @@ import JSON from 'src/components/JSON.astro'; > `America/Denver` or `US/Mountain` + + + This setting is used to resolve the client IP address for use in logging, webhooks, and IP-based access control when an `X-Forwarded-For` header is provided. Because proxies are free to rewrite the `X-Forwarded-For` header, an untrusted proxy could write a value that allowed it to bypass IP-based ACLs, or cause an incorrect IP address to be logged or sent to a webhook. + + Valid values are: + * `All`: Consider all proxies in an `X-Forwarded-For` header to be trusted, and use the first address in the `X-Forwarded-For` header as the resolved address. This is less secure, and is provided for backwards compatibility. + * `OnlyConfigured`: Only trust proxies named in the `systemConfiguration.trustedProxyConfiguration.trusted` list. In this case, the first untrusted proxy found will be used as the client IP address. + + + An array of IP addresses, representing the set of trusted upstream proxies. This value will be accepted but ignored when systemConfiguration.trustedProxyConfiguration.trustPolicy is set to `All`. + + Values may be specified as IPv4, or IPv6 format, and ranges of addresses are also accepted in CIDR notation. + + A hexadecimal color to override the default menu color in the user interface. diff --git a/astro/src/content/docs/apis/_system-configuration-response-body.mdx b/astro/src/content/docs/apis/_system-configuration-response-body.mdx index 3acb0dc482..30e8421092 100644 --- a/astro/src/content/docs/apis/_system-configuration-response-body.mdx +++ b/astro/src/content/docs/apis/_system-configuration-response-body.mdx 
@@ -19,14 +19,7 @@ import JSON from 'src/components/JSON.astro'; The `Access-Control-Allow-Headers` response header values as described by [MDN Access-Control-Allow-Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers). - The `Access-Control-Allow-Methods` response header values as described by [MDN Access-Control-Allow-Methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods). The possible values are: - - * `GET` - * `POST` - * `PUT` - * `DELETE` - * `HEAD` - * `OPTIONS` + The `Access-Control-Allow-Methods` response header values as described by [MDN Access-Control-Allow-Methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods). The `Access-Control-Allow-Origin` response header values as described by [MDN Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin). If the wildcard `*` is specified, no additional domains may be specified. @@ -47,7 +40,7 @@ import JSON from 'src/components/JSON.astro'; An object that can hold any information about the System that should be persisted. - The number of events to retain. Once the the number of event logs exceeds this configured value they will be deleted starting with the oldest event logs. + The number of events to retain. Once the number of event logs exceeds this configured value they will be deleted starting with the oldest event logs. Whether or not FusionAuth should delete the login records based upon this configuration. When `true` the loginRecordConfiguration.delete.numberOfDaysToRetain will be used to identify login records that are eligible for deletion. When this value is set to `false` login records will be preserved forever. 
@@ -62,6 +55,18 @@ import JSON from 'src/components/JSON.astro'; > `America/Denver` or `US/Mountain` + + + This setting is used to resolve the client IP address for use in logging, webhooks, and IP-based access control when an `X-Forwarded-For` header is provided. Because proxies are free to rewrite the `X-Forwarded-For` header, an untrusted proxy could write a value that allowed it to bypass IP-based ACLs, or cause an incorrect IP address to be logged or sent to a webhook. + + Valid values are: + * `All`: Consider all proxies in an `X-Forwarded-For` header to be trusted, and use the first address in the `X-Forwarded-For` header as the resolved address. This is less secure, and is provided for backwards compatibility. + * `OnlyConfigured`: Only trust proxies named in the `systemConfiguration.trustedProxyConfiguration.trusted` list. In this case, the first untrusted proxy found will be used as the client IP address. + + + An array of IP addresses, representing the set of trusted upstream proxies. + + A hexadecimal color to override the default menu color in the user interface. diff --git a/astro/src/content/docs/apis/_tenant-application-email-configuration.mdx b/astro/src/content/docs/apis/_tenant-application-email-configuration.mdx index 4398cafd64..818b3da142 100644 --- a/astro/src/content/docs/apis/_tenant-application-email-configuration.mdx +++ b/astro/src/content/docs/apis/_tenant-application-email-configuration.mdx @@ -25,7 +25,7 @@ import InlineField from 'src/components/InlineField.astro'; The Id of the Email Template used to send emails to users when their email address is updated. {props.application_email_config_override_text} - {props.show_feature_blurb && } + {props.show_feature_blurb && } 
@@ -49,7 +49,7 @@ import InlineField from 'src/components/InlineField.astro'; The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. {props.application_email_config_override_text} - {props.show_feature_blurb && } + {props.show_feature_blurb && } @@ -59,13 +59,13 @@ import InlineField from 'src/components/InlineField.astro'; The Id of the Email Template used to send emails to users when they log in on a new device. {props.application_email_config_override_text} - {props.show_feature_blurb && } + {props.show_feature_blurb && } The Id of the Email Template used to send emails to users when a suspicious login occurs. {props.application_email_config_override_text} - {props.show_feature_blurb && } + {props.show_feature_blurb && } @@ -79,13 +79,13 @@ import InlineField from 'src/components/InlineField.astro'; The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. {props.application_email_config_override_text} - {props.show_feature_blurb && } + {props.show_feature_blurb && } The Id of the Email Template used to send emails to users when their password has been updated. {props.application_email_config_override_text} - {props.show_feature_blurb && } + {props.show_feature_blurb && } @@ -113,13 +113,13 @@ import InlineField from 'src/components/InlineField.astro'; The Id of the Email Template used to send emails to users when a MFA method has been added to their account. {props.application_email_config_override_text} - {props.show_feature_blurb && } + {props.show_feature_blurb && } The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. {props.application_email_config_override_text} - {props.show_feature_blurb && } + {props.show_feature_blurb && } 
diff --git a/astro/src/content/docs/apis/_tenant-authentication.mdx b/astro/src/content/docs/apis/_tenant-authentication.mdx index f96c1fd927..2f0ea17fa2 100644 --- a/astro/src/content/docs/apis/_tenant-authentication.mdx +++ b/astro/src/content/docs/apis/_tenant-authentication.mdx @@ -1,3 +1,4 @@ +import APIKeyCrossTenantNote from 'src/content/docs/apis/_api-key-cross-tenant-note.mdx'; import Aside from 'src/components/Aside.astro'; ## Making an API Request Using a Tenant Id @@ -28,9 +29,7 @@ curl -v -X POST \ You may optionally create an API key scoped to a particular tenant. Below, we have selected the `Pied Piper` tenant for this API key. Only Users, Groups and Applications belonging to the `Pied Piper` tenant will be visible to this API. diff --git a/astro/src/content/docs/apis/_tenant-request-body.mdx b/astro/src/content/docs/apis/_tenant-request-body.mdx index 86aac21815..a207726977 100644 --- a/astro/src/content/docs/apis/_tenant-request-body.mdx +++ b/astro/src/content/docs/apis/_tenant-request-body.mdx @@ -20,7 +20,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The Id of the [IP Access Control List](/docs/apis/ip-acl) limiting access to all applications in this tenant. - + @@ -28,27 +28,27 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; - + Whether captcha configuration is enabled. - + The secret key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to `true`. - + The site key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to `true`. - + @@ -56,7 +56,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The value must be between `0.0` and `1.0`. Values outside of that range will result in an error. - + 
@@ -236,6 +236,12 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Prior to version `1.28.0` this value was required. + + The time in seconds until remembered OAuth scope consent choices are no longer valid, and the User will be prompted to consent to requested OAuth scopes even if they have not changed. Applies only when application.oauthConfiguration.consentMode is set to `RememberDecision`. Value must be greater than 0. + + + + The time in seconds that a SAML AuthN request Id returned by the Start SAML v2 Login Request API will be eligible to be used to complete a SAML v2 Login request. @@ -298,14 +304,14 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The time in seconds until a WebAuthn authentication challenge is no longer valid and the User will be required to restart the WebAuthn authentication ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn `navigator.credentials.get` API call. Value must be greater than 0. - + The time in seconds until a WebAuthn registration challenge is no longer valid and the User will be required to restart the WebAuthn registration ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn `navigator.credentials.create` API call. Value must be greater than 0. - + @@ -385,7 +391,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; When this parameter is not provided, it will default to the form Id currently assigned to the Default tenant. - + @@ -462,7 +468,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The Id of a SCIM User Request Lambda that will be used to convert the SCIM Enterprise User request to a FusionAuth User. - + Required when tenant.scimServerConfiguration.enabled is `true`. 
@@ -470,7 +476,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The Id of a SCIM User Response Lambda that will be used to convert a FusionAuth Enterprise User to a SCIM Server response. - + Required when tenant.scimServerConfiguration.enabled is `true`. @@ -478,7 +484,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The Id of a SCIM Group Request Lambda that will be used to convert the SCIM Group request to a FusionAuth Group. - + Required when tenant.scimServerConfiguration.enabled is `true`. @@ -486,7 +492,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The Id of a SCIM Group Response Lambda that will be used to convert a FusionAuth Group to a SCIM Server response. - + Required when tenant.scimServerConfiguration.enabled is `true`. @@ -494,7 +500,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The Id of a SCIM User Request Lambda that will be used to convert the SCIM User request to a FusionAuth User. - + Required when tenant.scimServerConfiguration.enabled is `true`. @@ -502,7 +508,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The Id of a SCIM User Response Lambda that will be used to convert a FusionAuth User to a SCIM Server response. - + Required when tenant.scimServerConfiguration.enabled is `true`. @@ -580,7 +586,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The Id of a lambda that will be called to populate the JWT during a client credentials grant. - + @@ -636,6 +642,8 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The maximum length of a password when a new user is created or a user requests a password change. + + This value must be greater than `0` and less than or equal to `256`. When passwordEncryptionConfiguration.encryptionScheme is equal to `bcrypt`, the maximum will be limited to `50`. 
@@ -669,7 +677,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Whether rate limiting is enabled for failed login. - + @@ -678,7 +686,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + @@ -687,14 +695,14 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + Whether rate limiting is enabled for forgot password. - + @@ -703,7 +711,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + @@ -712,14 +720,14 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + Whether rate limiting is enabled for send email verification. - + @@ -728,7 +736,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + @@ -737,14 +745,14 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + Whether rate limiting is enabled for send passwordless. - + @@ -753,7 +761,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + @@ -762,14 +770,14 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + Whether rate limiting is enabled for send registration verification. - + @@ -778,7 +786,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + @@ -787,14 +795,14 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + Whether rate limiting is enabled for send two factor. - + 
@@ -803,7 +811,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + @@ -812,21 +820,21 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Required when `enabled` is set to `true`. - + A list of unique domains that are not allowed to register when self service is enabled. - + The Entity Type that will be used to represent SCIM Clients for this tenant. - + Required when tenant.scimServerConfiguration.enabled is `true`. @@ -834,7 +842,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; Whether or not this tenant has the SCIM endpoints enabled. - + @@ -844,14 +852,14 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; When this parameter is not provided, it will default to EnterpriseUser, Group, and User schema definitions as defined by the SCIM core schemas spec. - + The Entity Type that will be used to represent SCIM Servers for this tenant. - + Required when tenant.scimServerConfiguration.enabled is `true`. @@ -877,7 +885,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; When `true`, FusionAuth will handle username collisions by generating a random suffix. - + @@ -905,17 +913,17 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The recommended value for the bootstrap workflow is `any`. - + - + Whether or not this tenant has the WebAuthn bootstrap workflow enabled. The bootstrap workflow is used when the user must "bootstrap" the authentication process by identifying themselves prior to the WebAuthn ceremony and can be used to authenticate from a new device using WebAuthn. - + 
@@ -928,21 +936,21 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; It is _highly_ recommended to use the `required` option for the bootstrap workflow. - + Determines if debug should be enabled for this tenant to create an event log to assist in debugging WebAuthn errors. - + Whether or not this tenant has WebAuthn enabled globally. - + @@ -955,17 +963,17 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; The recommended value for the reauthentication workflow is `platform`. - + - + Whether or not this tenant has the WebAuthn reauthentication workflow enabled. The reauthentication workflow will automatically prompt a user to authenticate using WebAuthn for repeated logins from the same device. - + @@ -978,7 +986,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; It is _highly_ recommended to use the `required` option for the reauthentication workflow. - + @@ -987,7 +995,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; When this parameter is omitted, FusionAuth will use `null` for the Relying Party Id in passkey creation and request options. A `null` value in the [WebAuthn JavaScript API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API) will use the browser origin. - + @@ -996,7 +1004,7 @@ import TransactionTypes from 'src/content/docs/apis/_transaction-types.mdx'; When this parameter is omitted, FusionAuth will use the tenant.issuer value. - + diff --git a/astro/src/content/docs/apis/_tenant-response-body-base.mdx b/astro/src/content/docs/apis/_tenant-response-body-base.mdx index 5106569c6d..2be13e4be5 100644 --- a/astro/src/content/docs/apis/_tenant-response-body-base.mdx +++ b/astro/src/content/docs/apis/_tenant-response-body-base.mdx 
@@ -179,6 +179,10 @@ import JSON from 'src/components/JSON.astro'; + + The time in seconds until remembered OAuth scope consent choices are no longer valid, and the User will be prompted to consent to requested OAuth scopes even if they have not changed. Applies only when application.oauthConfiguration.consentMode is set to `RememberDecision`. Value must be greater than 0. + + The time in seconds that a SAML AuthN request Id returned by the Start SAML v2 Login Request API will be eligible to be used to complete a SAML v2 Login request. diff --git a/astro/src/content/docs/apis/_theme-request-body-suffix.mdx b/astro/src/content/docs/apis/_theme-request-body-suffix.mdx deleted file mode 100644 index 72adb568f1..0000000000 --- a/astro/src/content/docs/apis/_theme-request-body-suffix.mdx +++ /dev/null @@ -1,3 +0,0 @@ -import JSON from 'src/components/JSON.astro'; - - diff --git a/astro/src/content/docs/apis/_theme-request-body.mdx b/astro/src/content/docs/apis/_theme-request-body.mdx deleted file mode 100644 index 1194c02291..0000000000 --- a/astro/src/content/docs/apis/_theme-request-body.mdx +++ /dev/null @@ -1,18 +0,0 @@ -import APIField from 'src/components/api/APIField.astro'; - - - An object that can hold any information about the Theme that should be persisted. - - - A properties file formatted String containing at least all of the message keys defined in the FusionAuth shipped messages file. Required if not copying an existing Theme. - - - A Map of localized versions of the messages. The key is the Locale and the value is a properties file formatted String. - - - A unique name for the Theme. - - - A CSS stylesheet used to style the templates. - - diff --git a/astro/src/content/docs/apis/_theme-response-body-suffix.mdx b/astro/src/content/docs/apis/_theme-response-body-suffix.mdx deleted file mode 100644 index ee4940b1e1..0000000000 --- a/astro/src/content/docs/apis/_theme-response-body-suffix.mdx +++ /dev/null 
@@ -1,3 +0,0 @@ -import JSON from 'src/components/JSON.astro'; - - diff --git a/astro/src/content/docs/apis/_theme-template-fields.astro b/astro/src/content/docs/apis/_theme-template-fields.astro deleted file mode 100644 index 7eac6b2c45..0000000000 --- a/astro/src/content/docs/apis/_theme-template-fields.astro +++ /dev/null @@ -1,22 +0,0 @@ ---- -import templates from 'src/content/json/themes/templates.json'; -import APIField from 'src/components/api/APIField.astro'; -import { marked } from 'marked'; - -const { fieldPrefix, singleRequest, singleResponse } = Astro.props; - -templates.sort((a, b) => { return a.fieldName.toUpperCase().localeCompare(b.fieldName.toUpperCase())}); ---- -{templates.map((tmpl) => - - {tmpl.rawDescription ? -

    - {tmpl.rawDescription} -

    : -

    - A FreeMarker template that is rendered when the user requests the {tmpl.path} path. -

    - } -
    -)} - diff --git a/astro/src/content/docs/apis/_user-data-email-field-response.mdx b/astro/src/content/docs/apis/_user-data-email-field-response.mdx index 49bde1062f..01ac49e3c5 100644 --- a/astro/src/content/docs/apis/_user-data-email-field-response.mdx +++ b/astro/src/content/docs/apis/_user-data-email-field-response.mdx @@ -4,5 +4,5 @@ import APIField from 'src/components/api/APIField.astro'; This field will be used as the email address if no user.email field is found. - This feature was removed in version 1.26.0 and added back in in 1.27.2. + This feature was removed in version 1.26.0 and added back in 1.27.2. diff --git a/astro/src/content/docs/apis/_user-email-verification-ids-response.mdx b/astro/src/content/docs/apis/_user-email-verification-ids-response.mdx new file mode 100644 index 0000000000..54ea345aac --- /dev/null +++ b/astro/src/content/docs/apis/_user-email-verification-ids-response.mdx 
@@ -0,0 +1,20 @@
+import APIField from 'src/components/api/APIField.astro';
+import InlineField from 'src/components/InlineField.astro';
+
+
+ An email verification Id. When present, this will represent the user's current email verification Id.
+
+ When using `FormField` verification strategy, this is the first part of the pair of verification Ids, and the emailVerificationOneTimeCode is the second part. When `ClickableLink` is the verification strategy, this value is sensitive in that this value by itself can be used to verify the user's email address.
+
+ When `ClickableLink` is the verification strategy, this is the value that will have been emailed to the user in order to complete verification. If you have not configured SMTP, you may optionally use this value to use an out of band transport such as your own email service.
+
+ Prior to version `1.49.0`, this value was only returned when using `FormField` verification strategy. Beginning in `1.49.0` the value is always returned when available.
+
+
+
+ An email one time code that will be paired with the emailVerificationId.
+
+ When `FormField` is the verification strategy, this is the value that will have been emailed to the user in order to complete verification. If you have not configured SMTP, you may optionally use this value to use an out of band transport such as your own email service.
+
+ This value will only be present when using the `FormField` verification strategy. When present, this is the value the user will need to enter to complete email verification.
+
diff --git a/astro/src/content/docs/apis/_user-login-response.mdx b/astro/src/content/docs/apis/_user-login-response.mdx
new file mode 100644
index 0000000000..143563d248
--- /dev/null
+++ b/astro/src/content/docs/apis/_user-login-response.mdx
@@ -0,0 +1,29 @@
+import APIField from 'src/components/api/APIField.astro';
+import InlineField from 'src/components/InlineField.astro';
+
+
+ The pending identity provider link Id. This value is created when logging in with an identity provider configured with a linking strategy of Create a pending link. It will only be included in the response body when this strategy is configured and a link does not yet exist for the user. It is used in conjunction with the Link APIs to complete a pending link.
+
+
+
+ The refresh token that can be used to obtain a new access token once the provided one has expired.
+
+ Because a refresh token is per user and per application, this value will only be returned when an applicationId was provided on the login request and the user is registered to the application.
+
+ You must explicitly allow generation of refresh tokens when using the Login API.
+
+ Configure the application.loginConfiguration.generateRefreshTokens setting via the API or enable the setting by navigating to the Application -> My Application -> Security tab.
+
+
+
+ When the refreshToken is returned in the response, this field will also be returned. This unique Id is the persistent identifier for this refresh token, and will not change even when using one-time use refresh tokens. This value may optionally be used to revoke the token using the Refresh Token API.
+
+
+ If authenticated using a One Time Password and state was provided during the Change Password request this value will be returned exactly as it was provided.
+
+
+ If authenticated using Two Factor and state was provided during the Two Factor Start request this value will be returned exactly as it was provided.
+
+
+ If state was provided during the passwordless login send request this value will be returned exactly as it was provided.
+
diff --git a/astro/src/content/docs/apis/_user-memberships-response.mdx b/astro/src/content/docs/apis/_user-memberships-response.mdx new file mode 100644 index 0000000000..ce800c268f --- /dev/null +++ b/astro/src/content/docs/apis/_user-memberships-response.mdx @@ -0,0 +1,17 @@ +import APIField from 'src/components/api/APIField.astro'; + + + The list of memberships for the User. + + + An object that can hold any information about the User for this membership that should be persisted. + + + The Id of the Group of this membership. + + + The unique Id of this membership. + + + The instant that the membership was created. + diff --git a/astro/src/content/docs/apis/_user-registration-combined-request-body.mdx b/astro/src/content/docs/apis/_user-registration-combined-request-body.mdx index 5bef8cd99c..167abbc8d3 100644 --- a/astro/src/content/docs/apis/_user-registration-combined-request-body.mdx +++ b/astro/src/content/docs/apis/_user-registration-combined-request-body.mdx @@ -37,7 +37,7 @@ This request requires that you specify both the User object and the User Registr The Id of this registration. If this is not specified, FusionAuth will create a random UUID for you. - The list of roles that the User has for this Application. + The list of roles that the User has for this registration. The string is the role's `Name` not the role's `Id`, e.g. `admin` or `user-role`. The User's preferred timezone for this Application registration. The format is not enforced, however it is recommended to use a timezone in the TZ format such as @@ -147,7 +147,7 @@ This request requires that you specify both the User object and the User Registr The value of the mobile phone for this method. Only present if user.twoFactor.methods[x].method is `sms`. - A base64 encoded secret + A base64 encoded secret. This field is required when method is `authenticator`. 
diff --git a/astro/src/content/docs/apis/_user-registration-combined-response-body.mdx b/astro/src/content/docs/apis/_user-registration-combined-response-body.mdx index 858783ac95..c65ba33543 100644 --- a/astro/src/content/docs/apis/_user-registration-combined-response-body.mdx +++ b/astro/src/content/docs/apis/_user-registration-combined-response-body.mdx @@ -40,7 +40,7 @@ import RemovedSince from 'src/components/api/RemovedSince.astro'; An array of locale strings that give, in order, the User's preferred languages for this registration. These are important for email templates and other localizable text. See [Locales](/docs/reference/data-types#locales). - The list of roles that the User has for this registration. + The list of roles that the User has for this registration. The string is the role's `Name` not the role's `Id`, e.g. `admin` or `user-role`. The User's preferred timezone. The string will be in an [IANA](https://www.iana.org/time-zones) time zone format. @@ -156,9 +156,6 @@ import RemovedSince from 'src/components/api/RemovedSince.astro'; The value of the mobile phone for this method. Only present if user.twoFactor.methods[x].method is `sms`. - - A base64 encoded secret - The User's preferred delivery for verification codes during a two factor login request. diff --git a/astro/src/content/docs/apis/_user-registration-request-body.mdx b/astro/src/content/docs/apis/_user-registration-request-body.mdx index 41a3b8a65c..07cac79d6e 100644 --- a/astro/src/content/docs/apis/_user-registration-request-body.mdx +++ b/astro/src/content/docs/apis/_user-registration-request-body.mdx 
@@ -29,7 +29,7 @@ import JSON from 'src/components/JSON.astro'; The Id of this registration. If not specified a secure random UUID will be generated. - The list of roles that the User has for this Application. + The list of roles that the User has for this registration. The string is the role's `Name` not the role's `Id`, e.g. `admin` or `user-role`. The User's preferred timezone for this Application registration. The string must be in an [IANA](https://www.iana.org/time-zones) time zone format.
diff --git a/astro/src/content/docs/apis/_user-registration-response-body.mdx b/astro/src/content/docs/apis/_user-registration-response-body.mdx
index b40af21937..e463a1376e 100644
--- a/astro/src/content/docs/apis/_user-registration-response-body.mdx
+++ b/astro/src/content/docs/apis/_user-registration-response-body.mdx
@@ -39,7 +39,7 @@ import RemovedSince from 'src/components/api/RemovedSince.astro'; An array of locale strings that give, in order, the User's preferred languages for this registration. These are important for email templates and other localizable text. See [Locales](/docs/reference/data-types#locales). - The list of roles that the User has for this registration. + The list of roles that the User has for this registration. The string is the role's `Name` not the role's `Id`, e.g. `admin` or `user-role`. The User's preferred timezone for this registration. The string will be in an [IANA](https://www.iana.org/time-zones) time zone format.
@@ -62,9 +62,26 @@ import RemovedSince from 'src/components/api/RemovedSince.astro'; This value indicates if this User's registration has been verified. + + When registration verification is enabled, this value will be returned if the registration has not yet been verified. + + When using FormField verification strategy, this is the first part of the pair of verification Ids, and the registrationVerificationOneTimeCode is the second part. When ClickableLink is the verification strategy, this value is sensitive in that this value by itself can be used to verify the registration. + + When ClickableLink is the verification strategy, this is the value that will have been emailed to the user in order to complete verification. If you have not configured SMTP, you may optionally use this value to use an out of band transport such as your own email service. + + Prior to version 1.49.0, this value was only returned when using FormField verification strategy. Beginning in 1.49.0 the value is always returned when available. + + + A registration one time code that will be paired with the registrationVerificationId. + + This value will only be present when when FormField is configured as the verification strategy. When present, this value will have been emailed to the user in order to complete verification. If you have not configured SMTP, you may optionally use this value to use an out of band transport such as your own email service. + The access token, this string is an encoded JSON Web Token (JWT). + + The instant the token will expire. If the response does not contain a token, this field will also be omitted from the response. + {!props.registration_create_response && }
diff --git a/astro/src/content/docs/apis/_user-registration-verification-ids-response.mdx b/astro/src/content/docs/apis/_user-registration-verification-ids-response.mdx
new file mode 100644
index 0000000000..fa11703687
--- /dev/null
+++ b/astro/src/content/docs/apis/_user-registration-verification-ids-response.mdx
@@ -0,0 +1,20 @@
+import APIField from 'src/components/api/APIField.astro';
+import InlineField from 'src/components/InlineField.astro';
+
+
+ A map of registration verification Id keyed by the `application`. When present, this will represent the user's current registration verification Ids.
+
+ When using `FormField` verification strategy, this is the first part of the pair of verification Ids, and the one time code in the registrationVerificationOneTimeCodes map is the second part. When `ClickableLink` is the verification strategy, this value is sensitive in that this value by itself can be used to verify the user's registration.
+
+ When `ClickableLink` is the verification strategy, you may optionally use this value to use an out of band transport such as your own email service.
+
+ Prior to version `1.49.0`, this value was only returned when using `FormField` verification strategy. Beginning in `1.49.0` the value is always returned when available.
+
+
+
+ A registration one time code that will be paired with the verification Id in the registrationVerificationIds map.
+
+ When `FormField` is the verification strategy, you may optionally use this value to use an out of band transport such as your own email service.
+
+ This value will only be present when using the `FormField` verification strategy. When present, this is the value the user will need to enter to complete registration verification.
+
diff --git a/astro/src/content/docs/apis/_user-request-body.mdx b/astro/src/content/docs/apis/_user-request-body.mdx
index 9b2048beb6..2424a3e210 100644
--- a/astro/src/content/docs/apis/_user-request-body.mdx
+++ b/astro/src/content/docs/apis/_user-request-body.mdx
@@ -197,7 +197,7 @@ You must specify either the **email** or the **username** or both for the User. - A base64 encoded secret + A base64 encoded secret. This field is required when method is `authenticator`.
diff --git a/astro/src/content/docs/apis/_user-response-body.mdx b/astro/src/content/docs/apis/_user-response-body.mdx
index e4a23fb177..c15a413e3c 100644
--- a/astro/src/content/docs/apis/_user-response-body.mdx
+++ b/astro/src/content/docs/apis/_user-response-body.mdx
@@ -5,38 +5,18 @@ import JSON from 'src/components/JSON.astro'; import ModerationStatusResponse from 'src/content/docs/apis/_moderation_status_response.mdx'; import RemovedSince from 'src/components/api/RemovedSince.astro'; import UserDataEmailFieldResponse from 'src/content/docs/apis/_user-data-email-field-response.mdx'; +import EmailVerificationIdsFieldsResponse from 'src/content/docs/apis/_user-email-verification-ids-response.mdx'; +import RegistrationVerificationIdsFieldsResponse from 'src/content/docs/apis/_user-registration-verification-ids-response.mdx'; +import UserMembershipFieldsResponse from 'src/content/docs/apis/_user-memberships-response.mdx'; +import UserTokenFieldsResponse from 'src/content/docs/apis/_user-token-response.mdx'; +import UserLoginFieldsResponse from 'src/content/docs/apis/_user-login-response.mdx'; #### Response Body - { (props.login_response || props.passwordless_login_response) && <> - - - The pending identity provider link Id. This value is created when logging in with an identity provider configured with a linking strategy of Create a pending link. It will only be included in the response body when this strategy is configured and a link does not yet exist for the user. It is used in conjunction with the Link APIs to complete a pending link. - - - - The refresh token that can be used to obtain a new access token once the provided one has expired. - - Because a refresh token is per user and per application, this value will only be returned when an applicationId was provided on the login request and the user is registered to the application. - - You must explicitly allow generation of refresh tokens when using the Login API. Configure the application.loginConfiguration.generateRefreshTokens setting via the API or enable the setting by navigating to the Application -> My Application -> Security tab. - - - - When the refreshToken is returned in the response, this field will also be returned. 
 This unique Id is the persistent identifier for this refresh token, and will not change even when using one-time use refresh tokens. This value may optionally be used to revoke the token using the Refresh Token API. - - - If authenticated using a One Time Password and state was provided during the Change Password request this value will be returned exactly as it was provided. - - - If authenticated using Two Factor and state was provided during the Two Factor Start request this value will be returned exactly as it was provided. - - - If state was provided during the passwordless login send request this value will be returned exactly as it was provided. - - - } + { (props.login_response || props.passwordless_login_response) && + + } A trust token that may be used to complete another API request that requires trust. For example, if you receive an error from an API indicating trust is required - indicated by this error code `[TrustTokenRequired]`, this value can be used to satisfy the trust requirement.
@@ -46,16 +26,17 @@ import UserDataEmailFieldResponse from 'src/content/docs/apis/_user-data-email-f subsequent login requests to bypass the Two Factor challenge. - { (props.create_user || props.login_response || props.passwordless_login_response || props.idp_response) && <> + { (props.create_user || props.login_response || props.passwordless_login_response || props.idp_response) && + + } - - The access token, this string is an encoded JSON Web Token (JWT). - - - The instant the token will expire. If the response does not contain a token, this field will also be omitted from the response. - + { (props.create_user || props.update_user || props.retrieve_user) && + + } - } + { props.retrieve_user && + + } True if the User is active. False if the User has been deactivated. Deactivated Users will not be able to login.
@@ -112,25 +93,9 @@ import UserDataEmailFieldResponse from 'src/content/docs/apis/_user-data-email-f The [instant](/docs/reference/data-types#instants) when the User was last updated. - {!props.create_user && <> - - - The list of memberships for the User. - - - An object that can hold any information about the User for this membership that should be persisted. - - - The Id of the Group of this membership. - - - The unique Id of this membership. - - - The instant that the membership was created. - - - } + {!props.create_user && + + } The User's middle name.
@@ -178,7 +143,7 @@ import UserDataEmailFieldResponse from 'src/content/docs/apis/_user-data-email-f An array of locale strings that give, in order, the User's preferred languages for this registration. These are important for email templates and other localizable text. - The list of roles that the User has for this registration. + The list of roles that the User has for this registration. The string is the role's `Name` not the role's `Id`, e.g. `admin` or `user-role`. The User's preferred timezone for this registration. The string will be in an [IANA](https://www.iana.org/time-zones) time zone format.
@@ -243,9 +208,6 @@ import UserDataEmailFieldResponse from 'src/content/docs/apis/_user-data-email-f The value of the mobile phone for this method. Only present if user.twoFactor.methods``[x]``.method is `sms`. - - A base64 encoded secret - The User's preferred delivery for verification codes during a two factor login request.
diff --git a/astro/src/content/docs/apis/_user-token-response.mdx b/astro/src/content/docs/apis/_user-token-response.mdx
new file mode 100644
index 0000000000..2394d1db4a
--- /dev/null
+++ b/astro/src/content/docs/apis/_user-token-response.mdx
@@ -0,0 +1,9 @@
+import APIField from 'src/components/api/APIField.astro';
+import InlineField from 'src/components/InlineField.astro';
+
+
+ The access token, this string is an encoded JSON Web Token (JWT).
+
+
+ The instant the token will expire. If the response does not contain a token, this field will also be omitted from the response.
+
diff --git a/astro/src/content/docs/apis/_users-response-body.mdx b/astro/src/content/docs/apis/_users-response-body.mdx
index f91b7e4124..4efdfc392a 100644
--- a/astro/src/content/docs/apis/_users-response-body.mdx
+++ b/astro/src/content/docs/apis/_users-response-body.mdx
@@ -141,7 +141,7 @@ import RemovedSince from 'src/components/api/RemovedSince.astro'; An array of locale strings that give, in order, the User's preferred languages for this registration. These are important for email templates and other localizable text. See [Locales](/docs/reference/data-types#locales). - The list of roles that the User has for this registration. + The list of roles that the User has for this registration. The string is the role's `Name` not the role's `Id`, e.g. `admin` or `user-role`. The User's preferred timezone for this registration. The string will be in an [IANA](https://www.iana.org/time-zones) time zone format.
@@ -202,11 +202,6 @@ import RemovedSince from 'src/components/api/RemovedSince.astro'; The value of the mobile phone for this method. Only present if user.twoFactor.methods[x].method is sms. - - A base64 encoded secret - - This field is required when method is authenticator. - The User's preferred delivery for verification codes during a two factor login request.
diff --git a/astro/src/content/docs/apis/applications.mdx b/astro/src/content/docs/apis/applications.mdx
index fdaf5895d7..e5baef3e04 100644
--- a/astro/src/content/docs/apis/applications.mdx
+++ b/astro/src/content/docs/apis/applications.mdx
@@ -45,11 +45,11 @@ This API is used to create an Application. Specifying an Id on the URI will inst - The Id to use for the new Application. If not specified a secure random UUID will be generated. + The Id to use for the new Application, which must be unique across all Tenants. If not specified a secure random UUID will be generated. - +
    Code